SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Andrew Keeton

Saved on

compared with

New Version 4

changes.mady.by.user Andrew Keeton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Changed to PRE32-C (rule), quoted section 6.10.3.11 of C99, minor text edits

Wiki Markup
The arguments to a macro should not include preprocessor directives such as {{\#define}}, {{\#ifdef}}, and {{\#include}}.  Doing so is [undefined behavior|BB. Definitions#undefined behavior] according to section 6.10.3.11 of the C99 standard \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\].  This includes using preprocessor directives in arguments to a function where it is unknown whether or not the function is implemented using a macro.   Examples include standard library functions such as {{memcpy()}}, {{printf()}}, and {{assert()}}:

The sequence of preprocessing tokens bounded by the outside-most matching parentheses forms the list of arguments for the function-like macro.  The individual arguments within the list are separated by comma preprocessing tokens, but comma preprocessing tokens between matching inner parentheses do not separate arguments.  If there are sequences of preprocessing tokens within the list of arguments that would otherwise act as preprocessing directives, the behavior is undefined.

The scope of this rule includes using preprocessor directives in arguments to a function where it is unknown whether or not the function is implemented using a macro.  For example, standard library functions such as memcpy(), printf(), and assert() may be implemented as macros.

Noncompliant Code Example

Wiki Markup
In this noncompliant code example \[[GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\], the author isuses preprocessor attemptingdirectives to specify anplatform-specific argumentarguments to {{memcpy()}} depending on the current platform by using preprocessor directives within the function call.  However, if {{memcpy()}} is implemented using a macro, the code will result in undefined behavior.  For example, this code will compile using GCC version 3.3 and later, but will not compile using GCC versions prior to 3.3 if {{memcpy()}} is a macro.

Code Block
bgColor#FFCCCC
   memcpy(dest, src,
#ifdef PLATFORM1
	 12
#else
	 24
#endif
	);

Compliant Code Example

Wiki Markup
In this compliant solution \[[GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\], the appropriate call to {{memcpy()}} is determined outside the function call.

Code Block
bgColor#ccccff
#ifdef PLATFORM1
   memcpy(dest, src, 12);
#else
   memcpy(dest, src, 24);
#endif

Risk Assessment

Improper use of macros may result in undefined behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE13 PRE32-C

low

unlikely

medium

P2

L3

References

Wiki Markup
\[[GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\] "Non-bugs"
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10.3.11, "Macro replacement"