Use type definitions (typedef) to improve code readability.
The following declaration of the signal() function does not make use of typedef names and is consequently hard to read.
void (*signal(int, void (*)(int)))(int); |
This compliant solution makes use of typedef names to specify exactly the same type as in the non-compliant coding example.
typedef void (*SignalHandler)(int signum); extern SignalHandler signal(int signum, SignalHandler handler); |
Code readability is important for discovering and eliminating vulnerabilities.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
DCL05-A |
1 (low) |
1 (unlikely) |
2 (medium) |
P2 |
L3 |
The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.7, "Type definitions" |
DCL04 NCCE 2 DCL04-A. Take care when declaring more than one variable per declaration DCL06-A. Use meaningful symbolic constants to represent literal values in program logic