It is necessary to understand how macro replacement works in C, particularly in the context of concatenating tokens using the ##
operator and converting macro parameters to strings using the #
operator.
Concatenating Tokens
Wiki Markup |
---|
The {{\##}} preprocessing operator is used to merge two tokens into one while expanding macros. This is called token pasting or token concatenation. When a macro is expanded, the two tokens on either side of each ## operator are combined into a single token, which replaces the {{\##}} and the two original tokens in the macro expansion \[[FSF 05|AA. C References#FSF 05]\]. |
Token pasting is most useful when one or both of the tokens comes from a macro argument. If either of the tokens next to an ##
is a parameter name, it is replaced by its actual argument before ##
executes. The actual argument is not macro expanded first.
Stringification
Wiki Markup |
---|
Parameters are not replaced inside string constants, but you can use the {{\#}} preprocessing operator instead. When a macro parameter is used with a leading {{\#}}, the preprocessor replaces it with the literal text of the actual argument, converted to a string constant \[[FSF 05|AA. C References#FSF 05]\]. |
...
Noncompliant Code Example
The following definition for static_assert()
from DCL03-C. Use a static assertion to test the value of a constant expression uses the JOIN()
macro to concatenate the token assertion_failed_at_line_
with the value of __LINE__
.
...
because the __LINE__
is not expanded, and the character array is subsequently named assertion_failed_at_line___LINE__
.
Compliant Solution
To get the macro to expand, a second level of indirection is required, as shown by this compliant solution:
...
Note also that macro parameters cannot be individually parenthesized when concatenating tokens using the ##
operator, converting macro parameters to strings using the #
operator, or concatenating adjacent string literals. This is an exception PRE01-EX2 to PRE01-C. Use parentheses within macros around parameter names - CERT Secure Coding Standards.
...
Noncompliant Code Example
This example is noncompliant if the programmer's intent is to expand the macro before stringification:
...
The macro invocation str(foo)
expands to "foo"
.
Compliant Solution
To stringify the result of expansion of a macro argument, you must use two levels of macros:
...
The macro invocation xstr(foo)
expands to "4"
. This is because 's'
is stringified when it is used in str()
, so it is not macro expanded first. However, 's'
is an ordinary argument to xstr()
, so it is completely macro expanded before xstr()
is expanded. Consequently, by the time str()
gets to its argument, it has already been macro expanded.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE05-C | low | unlikely | medium | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
Wiki Markup |
---|
\[[FSF 05|AA. C References#FSF 05]\] Section 3.4, "[Stringification|http://gcc.gnu.org/onlinedocs/cpp/Stringification.html]; and Section 3.5, "[Concatenation|http://gcc.gnu.org/onlinedocs/gcc-4.3.0/cpp/Concatenation.html#Concatenation]" \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10.3, "Macro replacement," Section 6.10.3.3, "The {{\##}} operator," Section 6.10.3.2, "The {{\#}} operator," Section 6.10.3.4, "Rescanning and further replacement," and Section 6.10.8, "Predefined macro names" \[[Saks 08|AA. C References#Saks 08]\] |
...