...
Non-Compliant Code Example
The problem of unexpected behavior resulting from macro expansion is not limited to function-like macros. The object-like macro definition in this example is noncompliant because the macro's replacement list is not parenthesized.
```c
#define sum a+b
/* ... */
int result = sum*4;
```
The value of result is a+(b*4) instead of the expected (a+b)*4.
Compliant Solution
Parenthesizing the macro yields the expected answer.
...
Note that there must be a space after sum; otherwise, it becomes a function-like macro.
Exceptions
PRE02-EX1. A macro that expands to a single identifier or function call does not change the precedence of any operators in the surrounding expression, so it need not be parenthesized.
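The following is an added example, not code from the CERT page, that puts the noncompliant definition above, its parenthesized counterpart, and the PRE02-EX1 single-identifier case side by side so the difference in evaluation can be observed. The macro names SUM_BAD, SUM_GOOD and TOTAL and the helper functions are this example's own choices; the page itself uses the name sum.

```c
#include <stdio.h>

/* Noncompliant: the replacement list a+b is not parenthesized, so
 * SUM_BAD*4 expands to a+b*4, which C parses as a+(b*4). */
#define SUM_BAD a+b

/* Compliant: parenthesized replacement list, so SUM_GOOD*4 expands to
 * (a+b)*4. The space between the macro name and the opening parenthesis
 * matters: "#define SUM_GOOD(a+b)" would instead be read as a
 * function-like macro with a malformed parameter list. */
#define SUM_GOOD (a+b)

/* PRE02-EX1: a macro that expands to a single identifier cannot change
 * the precedence of the surrounding operators, so no parentheses are
 * needed. */
#define TOTAL a

/* Each helper evaluates the macro in the same expression context as the
 * page's "result = sum*4" so the expansion is visible in the return value. */
int result_unparenthesized(int a, int b) {
    int result = SUM_BAD*4;   /* a+(b*4) */
    return result;
}

int result_parenthesized(int a, int b) {
    int result = SUM_GOOD*4;  /* (a+b)*4 */
    return result;
}

int result_single_identifier(int a, int b) {
    (void)b;                  /* b unused: TOTAL expands to a only */
    int result = TOTAL*4;     /* a*4 */
    return result;
}

int main(void) {
    int a = 1, b = 2;         /* constructed sample operands */
    printf("SUM_BAD*4  = %d\n", result_unparenthesized(a, b));   /* 9  */
    printf("SUM_GOOD*4 = %d\n", result_parenthesized(a, b));     /* 12 */
    printf("TOTAL*4    = %d\n", result_single_identifier(a, b)); /* 4  */
    return 0;
}
```

With a = 1 and b = 2 the unparenthesized macro yields 9 rather than the intended 12; running the preprocessor alone (for example, gcc -E) on this file shows the expanded expressions directly.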
...
Risk Assessment
Failing to parenthesize a function-like macro expansion can result in unexpected arithmetic results.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE02-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[Summit 05] Question 10.1
[ISO/IEC 9899-1999] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"