...
Noncompliant Code Example (assert)
In this example, a programmer attempts to access his own verification functionality by suppressing the assert macro and instead sending control to the standard assert() macro is suppressed in favor of calling a user-defined assert() function.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <myassert<assert.h> #include <assert"myassert.h>h" void fullAssert(int e) { assert(0e <> e0); // Invoke standard library assert() (assert)(0e <> e0); // assert() macro suppressed, calling function assert() } |
Having this function and attempting to access it produces undefined behavior. It is also a violation of DCL37-C. Do not declare or define a reserved identifier.
Compliant Solution (assert)
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <myassert<assert.h> #include <assert"myassert.h>h" void fullAssert(int e) { assert(0e <> e0); // Standard library assert() myassert(e > 0); // Well-defined custom assertion function } |
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC38-C | low | unlikely | medium | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [ISO/IEC 9899:2011] | Annex J, subclause J.2, "Undefined behavior" |