The C99 standard makes the following statements about parsing header files:
Therefore, to guarantee header filenames are unique, all included files should differ (in a case insensitive manner) in their first eight characters or in their (one character) file extension.
The following non-compliant code contains references to headers that may exist independently on a specific architecture, can be ambiguously interpreted by a C99 compliant compiler.
#include "Library.h" #include <stdio.h> #include <stdlib.h> #include "library.h" #include "utilities_math.h" #include "utilities_physics.h" #include "my_library.h" /* Rest of program */ |
Library.h and library.h may be interpreted as being the same file. Also, because only the first eight characters are guaranteed to be significant, it is unknown which of utilities_math.h and utilities_physics.h will actually be parsed. Finally, if there existed a file such as my_libraryOLD.h it may inadvertently be included instead of my_library.h.
This compliant solution avoids the ambiguity by renaming the associated files to be unique under the above constraints.
#include "Lib_main.h" #include <stdio.h> #include <stdlib.h> #include "lib_2.h" #include "util_math.h" #include "util_physics.h" #include "my_library.h" /* Rest of program */ |
The only solution for mitigating ambiguity of a file such as my_libraryOLD.h is to rename old files with either a prefix (that would fall within the first eight characters) or to add an extension (such as my_library.h.old).
Failing to guarantee uniqueness of header files may cause the inclusion of an older version of a header file, which may include insecure implementations of macros.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
PRE31-C |
1 (low) |
1 (unlikely) |
1 (high) |
P1 |
L3 |
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10.2 "Source file inclusion" |