The C language provides several different kinds of constants: integer constants, such as 10 and 0x1C; floating constants, such as 1.0 and 6.022e+23; and character constants, such as 'a' and '\x10'. C also provides string literals, such as "hello, world" and "\n". These may all be referred to as literals.
When used in program logic, literals can reduce the readability of source code. As a result, literals in general, and integer constants in particular, are frequently called magic numbers because their purpose is often obscured. Magic numbers may be constant values that represent either an arbitrary value (such as a determined appropriate buffer size) or a malleable concept (such as the age at which a person is considered an adult, which can change between geopolitical boundaries). Rather than embed literals in program logic, use appropriately named symbolic constants to clarify the intent of the code. In addition, if a specific value needs to be changed, reassigning a symbolic constant once is more efficient and less error prone than replacing every instance of the value [Saks 2002].
...
A preprocessing directive of the form:

    #define identifier replacement-list
...
This use of integer literals can easily result in buffer overflows if, for example, the buffer size is reduced but the integer literal used in the call to fgets() is not.
...
In this compliant solution, the integer literal is replaced with an enumeration constant. (See recommendation DCL00-C. Const-qualify immutable objects.)
...
Frequently, it is possible to obtain the desired readability by using a symbolic expression composed of existing symbols rather than by defining a new symbol. For example, a sizeof expression can work just as well as an enumeration constant. (See recommendation EXP09-C. Use sizeof to determine the size of a type or variable.)
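An added example, not code from the CERT page itself, that shows both forms discussed above in one place: an enumeration constant for the buffer size and a sizeof expression (taken on the array, not on a pointer) as the length argument to fgets(). The names LINE_BUFFER_SIZE, ADULT_AGE, read_line and is_adult are constructed for this example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed example: symbolic constants replace literals. An enumeration
 * constant needs no macro and remains visible to a debugger. */
enum { LINE_BUFFER_SIZE = 16 };
enum { ADULT_AGE = 18 };  /* a malleable concept: change it here, not in the logic */

/* Reads one line from fp into a local buffer sized by LINE_BUFFER_SIZE.
 * The length passed to fgets() is sizeof line, computed on the array itself,
 * so shrinking LINE_BUFFER_SIZE can never leave fgets() with a stale literal
 * (the noncompliant form would be fgets(line, 16, fp) next to char line[8]).
 * Copies at most out_size - 1 bytes of the line (newline stripped) into out.
 * Returns the number of bytes stored, or -1 at end of file. A line longer
 * than the buffer is split: the remainder is returned by the next call. */
int read_line(FILE *fp, char *out, size_t out_size) {
    char line[LINE_BUFFER_SIZE];
    if (out_size == 0 || fgets(line, sizeof line, fp) == NULL) {
        return -1;
    }
    line[strcspn(line, "\n")] = '\0';   /* drop the trailing newline, if any */
    size_t len = strlen(line);
    if (len >= out_size) {
        len = out_size - 1;             /* truncate rather than overflow out */
    }
    memcpy(out, line, len);
    out[len] = '\0';
    return (int)len;
}

/* The threshold is expressed once, by name, rather than as a literal 18. */
int is_adult(int age) {
    return age >= ADULT_AGE;
}

int main(void) {
    char out[64];
    while (read_line(stdin, out, sizeof out) >= 0) {
        printf("read: \"%s\"\n", out);
    }
    return 0;
}
```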
...
Using the sizeof expression in this example reduces the total number of names declared in the program, which is generally a good idea [Saks 2002]. The sizeof operator is almost always evaluated at compile time (except in the case of variable-length arrays).
When working with sizeof(), keep in mind recommendation ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array.
...
Note that this example does not check for invalid operations (taking the sqrt() of a negative number). See rule FLP32-C. Prevent or detect domain and range errors in math functions for more information on detecting domain and range errors in math functions.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: DCL06-CPP. Use meaningful symbolic constants to represent literal values in program logic
MITRE CWE: CWE-547, "Use of Hard-coded, Security-relevant Constants"
Bibliography
[Henricson 1992] Chapter 10, "Constants," http://www.doc.ic.ac.uk/lab/cplus/c++.rules/chap10.html
[ISO/IEC 9899:1999] Section 6.3.2.1, "Lvalues, arrays, and function designators"; Section 6.7, "Declarations"; Section 6.7.2.2, "Enumeration specifiers"; and Section 6.10.3, "Macro replacement"
[ISO/IEC PDTR 24772] "BRS Leveraging human experience"
[MITRE 2007] CWE ID 547, "Use of Hard-coded, Security-relevant Constants," http://cwe.mitre.org/data/definitions/547.html
[Saks 2001a]
[Saks 2001b]
[Saks 2002]
[Summit 2005] Question 10.5b, http://c-faq.com/cpp/constvsdefine.html
...