Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.

The following table from the C Standard, subclause 7.1.2 [ISO/IEC 9899:2011], lists these standard headers:

<assert.h>
<complex
<float.h><math.h>
<ctype
<stdatomic.h>
<errno
<stdlib.h>
<fenv
<time.h>
<float
<complex.h><inttypes.h><setjmp.h>
<iso646
<stdbool.h>
<limits
<stdnoreturn.h>
<locale
<uchar.h>
<math
<ctype.h>
<setjmp
<iso646.h><signal.h>
<stdarg
<stddef.h>
<stdbool
<string.h>
<stddef
<wchar.h>
<stdint
<errno.h>
<stdio
<limits.h>
<stdlib
<stdalign.h>
<string
<stdint.h><tgmath.h><wctype.h>
<fenv.h>
<time
<locale.h>
<uchar
<stdarg.h>
<wchar
<stdio.h>
<wctype
<threads.h>

Do not reuse standard header file names, system-specific header file names, or other header file names.

...

In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear.:

Code Block
bgColor#FFcccc
langc#ffcccc

#include "stdio.h"  /* confusingConfusing, distinct from <stdio.h> */

/* ... */

...

The solution addresses the problem by giving the local library a unique name (as per PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original.:

Code Block
bgColor#ccccFF
lang#ccccffc

/* Using a local version of stdio.h */ 
#include "mystdio.h"

/* ... */

...

Using header file names that conflict with other header file names can result in an incorrect file being included.

Recommendation

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

PRE04-C

Low

low

Unlikely

unlikely

Yes

medium

No

P2

L3

Automated Detection

...

ToolVersionCheckerDescription
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE04
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

premium-cert-pre04-c

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.PRE04

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C5001
LDRA tool suite
Include Page
LDRA_V
LDRA_V

568 S

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

...

Related Guidelines

...

...

Bibliography

...

...

...

...

2011]Subclause 7.1.2,

...

"Standard

...

Headers"


...

PRE03-C. Prefer typedefs to defines for encoding types      01. Preprocessor (PRE)      Image Added Image Added Image Modified