...
In general, universal character names should be avoided in identifiers unless absolutely necessary. The basic character set should suffice for almost every identifier.
Non-Compliant Code Example
This code example is non-compliant noncompliant because it produces a universal character name by token concatenation.
| Code Block | ||
|---|---|---|
| ||
#define assign(uc1, uc2, uc3, uc4, val) \ uc1##uc2##uc3##uc4 = val; int \U00010401\U00010401\U00010401\U00010402; assign(\U00010401, \U00010401, \U00010401, \U00010402, 4); |
Compliant Solution
This code solution is compliant.
| Code Block | ||
|---|---|---|
| ||
#define assign(ucn, val) ucn = val; int \U00010401\U00010401\U00010401\U00010402; assign(\U00010401\U00010401\U00010401\U00010402, 4); |
Risk Assessment
Creating a universal character name through token concatenation results in undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
PRE30-C | low | unlikely | medium | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[ISO/IEC 10646-2003|AA. C References#ISO/IEC 10646-2003]\] \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 5.1.1.2, "Translation phases," Section 6.4.3, "Universal character names," and Section 6.10.3.3, "The ## operator" |
...