Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

#define EOF -1
/* ... */
if (c EOF) {
   /* ... */
}

In this example, the programmer has mistakenly omitted the comparison operator (see [MSC02-A. Avoid errors of omission]) from the conditional statement, which should be c != EOF. After macro expansion, the conditional expression is incorrectly evaluated as a binary operation: c-1. This is syntactically correct, even though it is certainly not what the programmer intended.

...

#define EOF (-1)
/* ... */
if (c != EOF) {
   /* ... */
}
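
Added example, not part of the original guideline: the run-time effect of the omitted operator when the replacement list is unparenthesized, next to the intended comparison. EOF_BARE, EOF_PAREN, the helper functions and the sample buffers are hypothetical names constructed for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical names, so they do not clash with <stdio.h>'s own EOF. */
#define EOF_BARE  -1      /* unparenthesized replacement list */
#define EOF_PAREN (-1)    /* parenthesized replacement list */

/* Constructed sample inputs. */
static const unsigned char SAMPLE_TEXT[] = { 'a', 'b', 'c' };
static const unsigned char SAMPLE_CTRL[] = { 'a', 'b', 0x01, 'c' };

/* Returns the next byte, or -1 once the buffer is exhausted. */
static int next_byte(const unsigned char *buf, size_t len, size_t *pos) {
    return (*pos < len) ? buf[(*pos)++] : -1;
}

/* Operator omitted: `c EOF_BARE` expands to `c -1`, i.e. c - 1.
 * True at end of input (-1 - 1 == -2), false for the byte 0x01.
 * `limit` caps the loop, since end of input no longer stops it. */
size_t count_buggy(const unsigned char *buf, size_t len, size_t limit) {
    size_t pos = 0, n = 0;
    while (n < limit) {
        int c = next_byte(buf, len, &pos);
        if (c EOF_BARE) n++; else break;
    }
    return n;
}

/* Intended test. Writing `c EOF_PAREN` here would not compile:
 * `c (-1)` is a call through an int, so the omission is caught. */
size_t count_correct(const unsigned char *buf, size_t len, size_t limit) {
    size_t pos = 0, n = 0;
    while (n < limit) {
        int c = next_byte(buf, len, &pos);
        if (c != EOF_PAREN) n++; else break;
    }
    return n;
}

int main(void) {
    printf("text: buggy=%zu correct=%zu\n",
           count_buggy(SAMPLE_TEXT, sizeof SAMPLE_TEXT, 10),
           count_correct(SAMPLE_TEXT, sizeof SAMPLE_TEXT, 10));
    printf("ctrl: buggy=%zu correct=%zu\n",
           count_buggy(SAMPLE_CTRL, sizeof SAMPLE_CTRL, 10),
           count_correct(SAMPLE_CTRL, sizeof SAMPLE_CTRL, 10));
    return 0;
}
```

With the unparenthesized definition the loop runs past the end of the input until the cap and stops early at a 0x01 byte; neither failure produces a diagnostic.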

Risk Assessment

Failure to use parentheses around macro definitions that contain operators can result in unintended program behavior.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[Plum 85] Rule 1-1
[ISO/IEC 9899-1999] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"