...
Macros can be used to execute a sequence of multiple statements as group.
In the event that multiple statements in a macro is not bound in a do-while loop (see Note that the following macro violates PRE10-C. Wrap multi-statement macros in a do-while loop), an if statement with opening and closing braces will still ensure that all statements of the macro are properly executed.
| Code Block | ||
|---|---|---|
| ||
/* * Swaps two values. * Requires tmp variable to be defined. */ #define SWAPDEC(x, y) \ tmp =printf("Initial value was %d\n", x); \ x -= y; \ printf("Current value y = tmpis %d\n", x) |
This macro will expand correctly in a normal sequence of statements, but not as the then-clause in an if statement:
| Code Block | ||
|---|---|---|
| ||
int x, y, z, tmp; if (z == 0) SWAPDEC( x, y); |
This will expand to:
| Code Block | ||
|---|---|---|
| ||
int x, y, z, tmp; if (z == 0) tmp =printf("Initial value was %d\n", x); x -= y; y = tmpprintf("Current value is %d\n", x); |
Compliant Solution
Given an if statement bounded with opening and closing braces, the macro would expand as intended.
| Code Block | ||
|---|---|---|
| ||
int x, y, z, tmp; if (z == 0) { printf("Initial value tmp =was %d\n", x); x -= y; y = tmp;printf("Current value is %d\n", x) } |
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP19-C | medium | probable | medium | P8 | L2 |
...