An identifier can be classified as externally linked, internally linked, or not-linked.
An identifier that is classified as externally linked can include:
An identifier that is classified as internally linked can include:
An identifer that is classified as not-linked can include:
(* If a prior declaration is visible and has no linkage, the latter declaration is externally linked.
If a prior declaration is visible and has either internal or external linkage, the latter declaration is classified with the same linkage as the prior declaration.)
Use of an identifier (within one translational unit) classified as both internally and externally linked causes undefined behavior. A translational unit includes the sourcefile together with its headers, and all sourcefiles included via the preprocessing directive #include.
In this non-compliant example, the first declaration of the identifier x would be classified as externally linked. The second declaration is internally linked. Future use of this identifier can cause undefined behavior.
int x; // externally linked int main() { static int x; // internally linked ... // future use of identifier x can cause undefined behavior } |
In this compliant solution, more descriptive identifier names are used, so as to avoid this problem.
int external_x; // externally linked int main() { static int internal_x; // internally linked ... } |
Use of an identifier classified as both internally and externally linked causes undefined behavior in the program. However, it would be highly unlikely that an attacker could exploit this behavior to run arbitrary code.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
DCL05-A |
1 (low) |
2 (probable) |
3 (low) |
P6 |
L2 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
\[ISO/IEC 9899-1999\] Section 6.2.2, "Linkages of identifiers" \\ |