...

All occurrences in a source file of the following sequences of three characters (that is, trigraph sequences) are replaced with the corresponding single character.

Trigraph    Replacement
??=         #
??)         ]
??!         |
??(         [
??'         ^
??>         }
??/         \
??<         {
??-         ~

Non-Compliant Code Example

In this noncompliant code example, a++ is not executed, because the trigraph sequence ??/ is replaced by \, logically putting a++ on the same line as the comment.

Code Block
// what is the value of a now??/
a++;

Compliant Solution

The following compliant solution eliminates the accidental introduction of the trigraph by separating the two question marks with a space.

Code Block
// what is the value of a now? ?/
a++;
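As an added illustration (not code from the CERT page), the following C program simulates the first two translation phases on the two comments above: phase 1 replaces trigraphs using the table from this recommendation, phase 2 deletes backslash-newline pairs, which is exactly how the `??/` at the end of the noncompliant comment pulls `a++;` into the comment. It also includes a `-Wtrigraphs`-style scan that reports where each trigraph sits. The function names (`expand_trigraphs`, `splice_lines`, `report_trigraphs`, `lines_swallowed`, `expands_to`) and the sample strings are this example's own; the `\?` escape is used so that the example's source contains no trigraphs itself, whatever mode the compiler is in.

```c
#include <stdio.h>
#include <string.h>

/* Trigraph table from ISO C 5.2.1.1: the third character of a trigraph
   selects the replacement. The two arrays are index-aligned. */
static const char trigraph_third[]   = "=)!('>/<-";
static const char trigraph_replace[] = "#]|[^}\\{~";

/* Translation phase 1: replace every trigraph in 'in', writing the result
   to 'out' (at most out_size-1 characters plus NUL). Returns the number
   of trigraphs replaced. */
size_t expand_trigraphs(const char *in, char *out, size_t out_size)
{
    size_t n = 0, o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (in[i] == '?' && in[i + 1] == '?' && in[i + 2] != '\0') {
            const char *hit = strchr(trigraph_third, in[i + 2]);
            if (hit != NULL) {
                if (o + 1 < out_size)
                    out[o++] = trigraph_replace[hit - trigraph_third];
                i += 2;          /* consume the whole three-character sequence */
                n++;
                continue;
            }
        }
        if (o + 1 < out_size)
            out[o++] = in[i];
    }
    out[o] = '\0';
    return n;
}

/* Translation phase 2: delete each backslash-newline pair so the next
   physical line joins the current one. Returns the number of splices. */
size_t splice_lines(const char *in, char *out, size_t out_size)
{
    size_t n = 0, o = 0;
    for (size_t i = 0; in[i] != '\0'; i++) {
        if (in[i] == '\\' && in[i + 1] == '\n') {
            i++;                 /* skip the newline as well */
            n++;
            continue;
        }
        if (o + 1 < out_size)
            out[o++] = in[i];
    }
    out[o] = '\0';
    return n;
}

/* Lint-style check in the spirit of -Wtrigraphs: print line and column of
   every trigraph in 'src' and return how many were found. */
size_t report_trigraphs(const char *src)
{
    size_t n = 0, line = 1, col = 1;
    for (size_t i = 0; src[i] != '\0'; i++, col++) {
        if (src[i] == '\n') {
            line++;
            col = 0;             /* the loop increment makes this 1 */
            continue;
        }
        if (src[i] == '?' && src[i + 1] == '?' && src[i + 2] != '\0') {
            const char *hit = strchr(trigraph_third, src[i + 2]);
            if (hit != NULL) {
                printf("line %zu, col %zu: trigraph ?\?%c would become %c\n",
                       line, col, src[i + 2], trigraph_replace[hit - trigraph_third]);
                i += 2;
                col += 2;
                n++;
            }
        }
    }
    return n;
}

/* Phases 1 and 2 over a snippet; returns how many physical lines were
   merged into the line before them (0 means nothing was swallowed). */
size_t lines_swallowed(const char *src)
{
    char phase1[512], phase2[512];
    expand_trigraphs(src, phase1, sizeof phase1);
    return splice_lines(phase1, phase2, sizeof phase2);
}

/* 1 if phase-1 expansion of 'in' yields exactly 'expected', else 0. */
int expands_to(const char *in, const char *expected)
{
    char buf[512];
    expand_trigraphs(in, buf, sizeof buf);
    return strcmp(buf, expected) == 0;
}

int main(void)
{
    /* Constructed samples: the noncompliant and compliant comments above. */
    static const char noncompliant[] = "// what is the value of a now?\?/\na++;\n";
    static const char compliant[]    = "// what is the value of a now? ?/\na++;\n";
    char phase1[512], phase2[512];

    report_trigraphs(noncompliant);
    expand_trigraphs(noncompliant, phase1, sizeof phase1);
    splice_lines(phase1, phase2, sizeof phase2);
    printf("noncompliant after phases 1 and 2 (a++ now sits inside the comment):\n%s", phase2);
    printf("lines swallowed: noncompliant=%zu compliant=%zu\n",
           lines_swallowed(noncompliant), lines_swallowed(compliant));
    return 0;
}
```

Running it shows one physical line swallowed for the noncompliant comment and none for the compliant one; the same `report_trigraphs` scan can be pointed at any string of source text to get the warning a `-Wtrigraphs` build would give.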

Non-Compliant Code Example

This noncompliant code example includes the trigraph sequence ??!, which is replaced by the character |.

...

This example prints Over 9000!| if a C99-compliant compiler is used.

Compliant Solution

The compliant solution uses string concatenation to concatenate the two question marks; otherwise they are interpreted as beginning a trigraph sequence.

...

The above code prints Over 9000!??!, as intended.

Risk Assessment

Inadvertent trigraphs can result in unexpected behavior. Some compilers provide options to warn when trigraphs are encountered, or to disable trigraph expansion. Use the warning options and ensure your code compiles cleanly (see MSC00-C. Compile cleanly at high warning levels).

Recommendation    Severity    Likelihood    Remediation Cost    Priority    Level
PRE07-C           low         unlikely      medium              P2          L3

Automated Detection

GCC provides a -Wtrigraphs option that warns when trigraphs are used. GCC also provides a --no-trigraph option that is enabled by default.

The LDRA tool suite V 7.6.0 can detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[ISO/IEC 9899:1999] Section 5.2.1.1, "Trigraph sequences"
[MISRA 04] Rule 4.2

...