Page History

...

All occurrences in a source file of the following sequences of three characters (ie. trigraph sequences) are replaced with the corresponding single character.

??=	#		??)	]		??!	|
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1c0ee6454569a2f7-7a403a30-415f4e7e-91a78fd8-3ce1dfa29146f9b1a2c6a264"><ac:plain-text-body><![CDATA[	??(	[		??'	^		??>	}	]]></ac:plain-text-body></ac:structured-macro>
??/	\		??<	{		??-	~

Non-compliant Code Example

In this non-compliant code example, a++ will is not be executed, as the trigraph sequence ??/ will be is replaced by \, logically putting a++ on the same line as the comment.

// what is the value of a now??/
a++;

Compliant Solution

Trigraph sequences can be successfully used for multi-line commentsThe following compliant solution eliminates the accidental introduction of the trigraph.

/??/
* what is the value of a now? *??/
/
a++;

Non-compliant Code Example

This non-compliant code has the trigraph sequence of ??! included, which will be is replaced by the character |.

size_t i;
/* assignment of i */
if (i > 9000) {
   puts("Over 9000!??!");
}

The above code will print prints out Over 9000!| if a C99 Compliant compiler is used.

Compliant Solution

The compliant solution uses string concatenation to place the two question marks together, as they will be interpreted as beginning a trigraph sequence otherwise.

...

The above code will print out Over 9000!??!, as intended.

Risk Assessment

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.2.1.1, "Trigraph sequences"
\[Wikipedia\] ["C Trigraphs"|http://en.wikipedia.org/wiki/C_trigraph]