...
The compliant solution is to write the macro definition without the semicolon at the end, leaving the decision whether or not to have a semicolon up to the person who is using the macro:

```c
#define FOR_LOOP(n) for(i=0; i<(n); i++)

int i;
FOR_LOOP(3)
{
  puts("Inside for loop\n");
}
```
...
In this noncompliant code example, the programmer defines a macro that increments the value of the first argument, `x`, by one and takes the result modulo the value of the second argument, `max`:
```c
#define INCREMENT(x, max) ((x) = ((x) + 1) % (max));

int index = 0;
int value;
value = INCREMENT(index, 10) + 2;
/* ... */
```
In this case, the programmer intends to increment `index` and then use that as a value by adding 2 to it. Unfortunately, `value` is equal to the incremented value of `index` because of the semicolon present at the end of the macro. The `+ 2;` is treated as a separate statement by the compiler. The user will not get any compilation errors. If the user has not enabled warnings while compiling, the effect of the semicolon in the macro cannot be detected at an early stage.
...
The compliant solution is to write the macro definition without the semicolon at the end, leaving the decision whether or not to have a semicolon up to the person who is using the macro:

```c
#define INCREMENT(x, max) ((x) = ((x) + 1) % (max))
```
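A source-level check for this rule, as an added example (not CERT's code or tooling): it flags `#define` directives whose replacement list ends in a semicolon, so the noncompliant `INCREMENT` definition is caught even when compiler warnings are off. The function names, the `SWAP` macro and the sample input are constructed for illustration, and the check assumes comments have already been stripped from the source text.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Return 1 if the logical line [s, e) is a #define whose replacement list
   ends in ';'. Assumption: comments were already stripped from the input. */
static int define_ends_with_semicolon(const char *s, const char *e)
{
    while (s < e && isspace((unsigned char)*s)) s++;
    if (s == e || *s != '#') return 0;
    s++;                                  /* "#  define" is legal C */
    while (s < e && isspace((unsigned char)*s)) s++;
    if (e - s < 7 || strncmp(s, "define", 6) != 0) return 0;
    if (!isspace((unsigned char)s[6])) return 0;
    while (e > s && isspace((unsigned char)e[-1])) e--;
    return e[-1] == ';';
}

/* Count #define directives in src whose expansion ends with a semicolon.
   A logical line runs to the first newline not preceded by a backslash,
   so macros continued over several physical lines are checked as a whole. */
int count_semicolon_macros(const char *src)
{
    int hits = 0;
    const char *line = src;
    while (*line) {
        const char *p = line;
        while (*p && !(*p == '\n' && (p == line || p[-1] != '\\'))) p++;
        hits += define_ends_with_semicolon(line, p);
        line = *p ? p + 1 : p;
    }
    return hits;
}

/* Constructed sample: the first two macros are the page's noncompliant and
   compliant forms (the second renamed); SWAP is a hypothetical macro. */
static const char SAMPLE[] =
    "#define INCREMENT(x, max) ((x) = ((x) + 1) % (max));\n"  /* flagged */
    "#define INCREMENT_OK(x, max) ((x) = ((x) + 1) % (max))\n"
    "#define FOR_LOOP(n) for(i=0; i<(n); i++)\n"  /* inner ';' is fine */
    "  #  define SWAP(a, b) do { int t = (a); \\\n"
    "      (a) = (b); (b) = t; } while (0);  \n"              /* flagged */
    "int index = 0;\n";                           /* not a directive */

int main(void)
{
    printf("macros ending in ';': %d\n", count_semicolon_macros(SAMPLE));
    return 0;
}
```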
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
TODO
...