CertC-PRE04¶

Do not reuse a standard header file name

Required inputs: IR

If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined.

The following table from the C Standard, subclause 7.1.2 [ ISO/IEC 9899:2011], lists these standard headers:

`<assert.h>`	`<float.h>`	`<math.h>`	`<stdatomic.h>`	`<stdlib.h>`	`<time.h>`
`<complex.h>`	`<inttypes.h>`	`<setjmp.h>`	`<stdbool.h>`	`<stdnoreturn.h>`	`<uchar.h>`
`<ctype.h>`	`<iso646.h>`	`<signal.h>`	`<stddef.h>`	`<string.h>`	`<wchar.h>`
`<errno.h>`	`<limits.h>`	`<stdalign.h>`	`<stdint.h>`	`<tgmath.h>`	`<wctype.h>`
`<fenv.h>`	`<locale.h>`	`<stdarg.h>`	`<stdio.h>`	`<threads.h>`

Do not reuse standard header file names, system-specific header file names, or other header file names.

Noncompliant Code Example

In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear:

#include "stdio.h"  /* Confusing, distinct from <stdio.h> */

/* ... */

Compliant Solution

The solution addresses the problem by giving the local library a unique name (per PRE08-C. Guarantee that header file names are unique), which makes it apparent that the library used is not the original:

/* Using a local version of stdio.h */
#include "mystdio.h"

/* ... */

Risk Assessment

Using header file names that conflict with other header file names can result in an incorrect file being included.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
PRE04-C	Low	Unlikely	Medium	P2	L3

Related Guidelines

SEI CERT C++ Coding Standard	VOID PRE04-CPP. Do not reuse a standard header file name
CERT Oracle Secure Coding Standard for Java	DCL01-J. Do not reuse public identifiers from the Java Standard Library

Bibliography

[ ISO/IEC 9899:2011]

Subclause 7.1.2, "Standard Headers"

Excerpt from SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition) and SEI CERT C Coding Standard [https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/recommendations/preprocessor-pre/pre04-c], Copyright (C) 1995-2026 Carnegie Mellon University. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

Key	Text	Severity	Disabled
reused_std_name	User include files should not reuse the names of standard headers.	None	False

Options¶

This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

standard_names¶

standard_names

Type: set[str]

Default: {'assert.h', 'complex.h', 'ctype.h', 'errno.h', 'fenv.h', 'float.h', 'inttypes.h', 'iso646.h', 'limits.h', 'locale.h', 'math.h', 'setjmp.h', 'signal.h', 'stdalign.h', 'stdarg.h', 'stdatomic.h', 'stdbool.h', 'stddef.h', 'stdint.h', 'stdio.h', 'stdlib.h', 'stdnoreturn.h', 'string.h', 'tgmath.h', 'threads.h', 'time.h', 'uchar.h', 'wchar.h', 'wctype.h'}

The forbidden names for user-include files.

Axivion Suite 7.12.0

Navigation