PRE04-C. Do not reuse a standard header file name
If a file with the same name as a standard header is placed in the search path for included source files, the behavior is undefined .
The following table from the C Standard, subclause 7.1.2 [ ISO/IEC 9899:2011 ], lists these standard headers:
<assert.h> | <float.h> | <math.h> | <stdatomic.h> | <stdlib.h> | <time.h> |
<complex.h> | <inttypes.h> | <setjmp.h> | <stdbool.h> | <stdnoreturn.h> | <uchar.h> |
<ctype.h> | <iso646.h> | <signal.h> | <stddef.h> | <string.h> | <wchar.h> |
<errno.h> | <limits.h> | <stdalign.h> | <stdint.h> | <tgmath.h> | <wctype.h> |
<fenv.h> | <locale.h> | <stdarg.h> | <stdio.h> | <threads.h> |
Do not reuse standard header file names, system-specific header file names, or other header file names.
Noncompliant Code Example
In this noncompliant code example, the programmer chooses to use a local version of the standard library but does not make the change clear:
#include "stdio.h" /* Confusing, distinct from <stdio.h> */
/* ... */
Compliant Solution
The solution addresses the problem by giving the local library a unique name (per PRE08-C. Guarantee that header file names are unique ), which makes it apparent that the library used is not the original:
/* Using a local version of stdio.h */
#include "mystdio.h"
/* ... */
Risk Assessment
Using header file names that conflict with other header file names can result in an incorrect file being included.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| PRE04-C | Low | Unlikely | Yes | No | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | 7.2.0 | CertC-PRE04 | |
| Cppcheck Premium | 24.11.0 | premium-cert-pre04-c | |
1.2 | CC2.PRE04 | Fully implemented | |
| Helix QAC | 2025.2 | C5001 | |
| LDRA tool suite | 9.7.1 | 568 S | Fully implemented |
| Polyspace Bug Finder | R2025b | Checks for reuse of standard header file (rec. fully covered) | |
| Security Reviewer - Static Reviewer | 6.02 | RTOS_22 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website .
Related Guidelines
| SEI CERT C++ Coding Standard | VOID PRE04-CPP. Do not reuse a standard header file name |
| CERT Oracle Secure Coding Standard for Java | DCL01-J. Do not reuse public identifiers from the Java Standard Library |
Bibliography
| [ ISO/IEC 9899:2011 ] | Subclause 7.1.2, "Standard Headers" |
