Page History

Parenthesize all variableparameter names in macro definitions. See also \[[PRE00-A. Prefer inline functions to macros]\] and \[[PRE02-A. Macro expansion should always be parenthesized for function-like macros]\].

Non-Compliant Code Example

This CUBE() macro definition is non-compliant because it fails to parenthesize the variable parameter names.

#define CUBE(I) (I * I * I)
int a = 81 / CUBE(2 + 1);

...

int a = 81 / (2 + 1 * 2 + 1 * 2 + 1);  /* evaluates to 11 */

Which which is clearly not the desired result.

Compliant Solution

Parenthesizing all variable parameter names in the CUBE() macro allows it to expand correctly (when invoked in this manner).

#define CUBE(I) ( (I) * (I) * (I) )
int a = 81 / CUBE(2 + 1);

Exceptions

When the parameter names are surrounded by commas in the replacement text, regardless how complicated the actual arguments are, there is no need for parenthesization around the macro parameters.  Since commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way.

 #define FOO(a, b, c) bar(a, b, c)
/* ... */ 
FOO(arg1, arg2, arg3); 

Risk Assessment

Failing to parenthesize around the variable parameter names within a macro can result in unintended program behavior.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Plum 85|AA. C References#Plum 85]\] 
\[[Summit 05|AA. C References#Summit 05]\] Question 10.1
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"