The macro expansion should always be parenthesized within a function-like macro to protect any lower-precedence operators from the surrounding expression. See also [PRE00-A. Prefer inline functions to macros] and [PRE01-A. Use parentheses within macros around parameter names].
Non-Compliant Code Example
This CUBE() macro definition is non-compliant because it fails to parenthesize the macro expansion.
...
which is not the desired behavior.
Compliant Solution
By parenthesizing the macro expansion, the CUBE() macro expands correctly (when invoked in this manner).
#define CUBE(X) ((X) * (X) * (X))
int i = 3;
int a = 81 / CUBE(i);
...
Non-Compliant Code Example
The problem is not limited to function-like macros.
#define sum 2+3
int result = sum*4;
The value of result is 14 instead of the expected 20.
Compliant Solution
Parenthesizing the macro yields the expected answer.
#define sum (2+3)
int result = sum*4; /* 20 */
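The same precedence problem in three surrounding contexts, as an added example rather than code from the original page; the `_BAD`/`_OK` macro names, `HDR_*` values and helper functions are hypothetical. It goes beyond the page's arithmetic cases by including a conditional-operator expansion, where the wrong result appears only for some inputs.

```c
/* Added illustration; all macro and function names here are hypothetical. */
#include <stdio.h>

/* Expansion left unparenthesized: surrounding operators bind into it. */
#define CUBE_BAD(X) (X) * (X) * (X)
#define ABS_BAD(X)  (X) < 0 ? -(X) : (X)
#define HDR_BAD     4 + 12

/* Whole expansion parenthesized: it behaves as a single operand. */
#define CUBE_OK(X)  ((X) * (X) * (X))
#define ABS_OK(X)   ((X) < 0 ? -(X) : (X))
#define HDR_OK      (4 + 12)

/* 81 / (i) * (i) * (i) groups left to right as ((81 / i) * i) * i. */
int div_bad(int i) { return 81 / CUBE_BAD(i); }
int div_ok(int i)  { return 81 / CUBE_OK(i); }

/* '+' binds tighter than '?:', so "+ 1" is absorbed into the else arm:
 * (v) < 0 ? -(v) : ((v) + 1). Negative inputs silently lose the + 1,
 * while non-negative inputs still give the right answer. */
int abs_plus1_bad(int v) { return ABS_BAD(v) + 1; }
int abs_plus1_ok(int v)  { return ABS_OK(v) + 1; }

/* n * 4 + 12 instead of n * (4 + 12): a size computed this way is
 * too small whenever n > 1. */
int total_bad(int n) { return n * HDR_BAD; }
int total_ok(int n)  { return n * HDR_OK; }

int main(void)
{
    printf("81 / CUBE(3):   bad=%d ok=%d\n", div_bad(3), div_ok(3));
    printf("ABS(-5) + 1:    bad=%d ok=%d\n",
           abs_plus1_bad(-5), abs_plus1_ok(-5));
    printf("ABS(5) + 1:     bad=%d ok=%d\n",
           abs_plus1_bad(5), abs_plus1_ok(5));
    printf("3 * HDR length: bad=%d ok=%d\n", total_bad(3), total_ok(3));
    return 0;
}
```

The `ABS(5) + 1` row matches in both variants, which is why testing with a single input can miss this class of defect.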
Risk Assessment
Failing to parenthesize the expansion of a function-like macro can result in unexpected arithmetic results.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.