It is necessary to understand how macro replacement works in C, particularly in the context of concatenating tokens using the ## operator and converting macro parameters to strings using the # operator.
Concatenating Tokens
| Wiki Markup |
|---|
ItThe {{##}} preprocessing operator is often usefulused to merge two tokens into one while expanding macros. This is called token pasting or token concatenation. The {{##}} preprocessing operator performs token pasting. When a macro is expanded, the two tokens on either side of each ## operator are combined into a single token, which replaces the {{##}} and the two original tokens in the macro expansion \[[FSF 05|AA. C References#FSF 05]\]. |
Token pasting is most useful when one or both of the tokens comes from a macro argument. If either of the tokens next to an ## is a parameter name, it is replaced by its actual argument before ## executes. The actual argument is not macro-expanded first.
Stringification
| Wiki Markup |
|---|
Parameters are not replaced inside string constants, but you can use the {{#}} preprocessing operator instead. When a macro parameter is used with a leading {{#}}, the preprocessor replaces it with the literal text of the actual argument, converted to a string constant \[[FSF 05|AA. C References#FSF 05]\]. |
Non-Compliant Code Example
| Wiki Markup |
|---|
The following definition for {{static_assert()}} from \[[DCL03-A. Use a static assertion to test the value of a constant expression]] uses the {{JOIN()}} macro to concatenate the token {{assertion_failed_at_line_}} with the value of {{\_\_LINE\_\_}}. |
...
because the __LINE__ is not expanded, and the character array is subsequently named assertion_failed_at_line___LINE__.
Compliant Solution
To get the macro to expand, a second level of indirection has to be added as in is required, as shown by this compliant solution:
| Code Block | ||
|---|---|---|
| ||
#define JOIN(x, y) JOIN_AGAIN(x, y) #define JOIN_AGAIN(x, y) x ## y |
...
| Wiki Markup |
|---|
Note also that macro parameters cannot be individually parenthesized when concatenating tokens using the {{##}} operator, converting macro parameters to strings using the {{#}} operator, or concatenating adjacent string literals. This is exception *PRE01-EX2* to \[[PRE01-A. Use parentheses within macros around parameter names]\]. |
Non-Compliant Code Example
This example is non-compliant if the programmer's intent is to expand the macro before stringification:
| Code Block | ||
|---|---|---|
| ||
#define str(s) #s
#define foo 4
str(foo)
|
The macro invocation str(foo) expands to "foo".
Compliant Solution
To stringify the result of expansion of a macro argument, you must use two levels of macros:
| Code Block | ||
|---|---|---|
| ||
#define xstr(s) str(s)
#define str(s) #s
#define foo 4
|
The macro invocation xstr(foo) expands to "4". This is because 's' is stringified when it is used in str(), so it is not macro-expanded first. However, 's' is an ordinary argument to xstr(), so it is completely macro-expanded before xstr() is expanded. Consequently, by the time str() gets to its argument, it has already been macro-expanded.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
PRE05-A | low | unlikely | medium | P1 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[FSF 05|AA. C References#FSF 05]\] Section 3.4, "[Stringification|http://gcc.gnu.org/onlinedocs/cpp/Stringification.html]; and Section 3.5, "[Concatenation|http://gcc.gnu.org/onlinedocs/gcc-4.3.0/cpp/Concatenation.html#Concatenation]" \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10.3, "Macro replacement," Section 6.10.3.3, "The {{##}} operator," Section 6.10.3.2, " andThe {{#}} operator," Section 6.10.3.4, "Rescanning and further replacement," and Section 6.10.8, "Predefined macro names" \[Saks 08\] Dan Saks, Stephen C. Dewhurst. Presentation. Sooner Rather Than Later: Static Programming Techniques for C++. |
...