Page History

Parenthesize all variable names in macro definitions. See also \[[PRE02-A. Macro expansion must always be parenthesized|PRE02-A. Macro expansion must always be parenthesized]\] and \[[PRE00-A. Prefer inline functions to macros|PRE00-A. Prefer inline functions to macros]\] .

Non-Compliant Code Example

...

As a result, the invocation

int a = 81 / CUBE(2 + 1);

expands to

int a = 81 / (2 + 1 * 2 + 1 * 2 + 1);  /* evaluates to 11 */

while Which is clearly not the desired behavior is

int a = 81 / ( (2 + 1) * (2 + 1) * (2 + 1)); /* evaluates to 3 */

result.

Compliant Solution

Parenthesizing all variable names in the CUBE() macro allows it to expand correctly (when invoked in this manner).

#define CUBE(I) ( (I) * (I) * (I) )
int a = 81 / CUBE(2 + 1);

However, if a parameter appears several times in the expansion, the macro may not work properly if the actual argument is an expression with side effects. Given the CUBE() macro above, the invocation

int a = 81 / CUBE(i++);
{code:bgColor=#ccccff}
expands to

int a = 81 / (i++ * i++ * i++);

...

Risk Assessment

Failing to parenthesize around the variable names within a macro can result in unexpected arithmetic results.

which is undefined (see \[[EXP30|EXP30-C. Do not depend on order of evaluation between sequence points]\]).

Risk Assessment

Examples of vulnerabilities resulting from the violation of this recomendation recommendation can be found on the
CERT website.

References

\[[Summit 05|AA. C References#Summit 05]\] Question 10.1
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"