SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 72

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 73

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider $version (sch jbop) (X_X)@==(Q_Q)@

Macro replacement lists should be parenthesized to protect any lower-precedence operators from the surrounding expression. See also PRE00-C. Prefer inline or static functions to function-like macros - CERT Secure Coding Standards and PRE01-C. Use parentheses within macros around parameter names - CERT Secure Coding Standards.

...

Noncompliant Code Example

This CUBE() macro definition is noncompliant because it fails to parenthesize the replacement list.

...

which is not the desired behavior.

Compliant Solution

With its replacement list parenthesized, the CUBE() macro expands correctly for this type of invocation.

...

This compliant solution violates PRE00-C. Prefer inline or static functions to function-like macros - CERT Secure Coding Standards. Consequently, this solution would be better implemented as an inline function.

...

Noncompliant Code Example

In this noncompliant code example, EOF is defined as -1. The macro replacement list consists of a unary negation operator '-' followed by an integer literal '1'.

...

Once this modification is made, the noncompliant code example no longer compiles because the macro expansion results in the conditional expression getchar() (-1), which is no longer syntactically valid. Note that there must be a space after EOF because otherwise it becomes a function-like macro (and one that is incorrectly formed, because -1 cannot be a formal parameter).

Compliant Solution

In this compliant solution, the macro definition is replaced with an enumeration constant in compliance with DCL00-C. Const-qualify immutable objects.

Code Block
bgColor#ccccff
enum { EOF = -1 };
/* ... */
if (getchar() != EOF) {
   /* ... */
}

Exceptions

PRE02-EX1. A macro that expands to a single identifier or function call is not affected by the precedence of any operators in the surrounding expression, so its replacement list need not be parenthesized.

Code Block
#define MY_PID getpid()

Risk Assessment

Failing to parenthesize macro replacement lists can cause unexpected results.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE02-C

medium

probable

low

P12

L1

Automated Detection

The LDRA tool suite V 7.6.0 can detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

Wiki Markup
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "JCW Operator precedence/Order of Evaluation", "NMP Pre-processor Directions"
\[[Plum 85|AA. C References#Plum 85]\] Rule 1-1
\[[Summit 05|AA. C References#Summit 05]\] Question 10.1

...