...
The following table from the C Standard, subclause 7.1.2 [ISO/IEC 9899:2011], lists these standard headers:
<assert.h> | <float.h> | <math.h> | <stdatomic.h> | <stdlib.h> | <time.h> |
<complex.h> | <inttypes.h> | <setjmp.h> | <stdbool.h> | <stdnoreturn.h> | <uchar.h> |
<ctype.h> | <iso646.h> | <signal.h> | <stddef.h> | <string.h> | <wchar.h> |
<errno.h> | <limits.h> | <stdalign.h> | <stdint.h> | <tgmath.h> | <wctype.h> |
<fenv.h> | <locale.h> | <stdarg.h> | <stdio.h> | <threads.h> |
Do not reuse standard header file names, system-specific header file names, or other header file names.
...
Using header file names that conflict with other header file names can result in an incorrect file being included.
Recommendation | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
PRE04-C | Low | Unlikely | Yes |
No | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Axivion Bauhaus Suite |
| CertC-PRE04 | |||||||
| Cppcheck Premium |
| premium-cert-pre04-c | |||||||
| CC2.PRE04 | Fully implemented | |||||||
| Helix QAC |
| C5001 | |||||||
| LDRA tool suite |
| 568 S | Fully implemented |
| Polyspace Bug Finder |
| Checks for reuse of standard header file (rec. fully covered) | |||||||
| Security Reviewer - Static Reviewer |
| RTOS_22 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | VOID PRE04-CPP. Do not reuse a standard header file name |
| CERT Oracle Secure Coding Standard for Java | DCL01-J. Do not reuse public identifiers from the Java Standard Library |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.1.2, "Standard Headers" |
...
...