...
The C Standard, 5.1.1.2, paragraph 4 [ISO/IEC 9899:20112024], says
If a character sequence that matches the syntax of a universal character name is produced by token concatenation (6.10.35.3), the behavior is undefined.
...
Creating a universal character name through token concatenation results in undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
PRE30-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| universal-character-name-concatenation | Fully implemented | ||||||
| CertC-PRE30 | Fully implemented | |||||||
| CodeSonar |
| LANG.PREPROC.PASTE LANG.PREPROC.PASTEHASH | Macro uses ## operator## follows # operator | ||||||
| Cppcheck |
| preprocessorErrorDirective | Fully implemented | ||||||
| Cppcheck Premium |
| preprocessorErrorDirective | Fully implemented | ||||||
| Helix QAC |
| C0905 C++0064,C++0080 | Fully implemented | ||||||
| Klocwork |
| MISRA.DEFINE.SHARP | Fully implemented | ||||||
| LDRA tool suite |
| 573 S | Fully implemented |
| Parasoft C/C++test |
| CERT_C-PRE30-a | Avoid token concatenation that may produce universal character names | ||||||
| CERT C: Rule PRE30-C | Checks for universal character name from token concatenation (rule fully covered) | |||||||
| RuleChecker |
| universal-character-name-concatenation | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
...
...