Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated UB references from C11->C23

Wiki MarkupThe arguments to a macro should must not include preprocessor directives, such as {{\#define}}, {{\#ifdef}}, and {{\#include}}. Doing so is [undefined behavior|BB. Definitions#undefined behavior], according to Section so results in undefined behavior, according to the C Standard, 6.10.35, Paragraph 11 of the C99 Standard \[paragraph 11 [ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\]. 2024]:

The sequence of preprocessing tokens bounded by the outside-most matching parentheses forms the list of arguments for the function-like macro. The individual arguments within the list are separated by comma preprocessing tokens, but comma preprocessing tokens between matching inner parentheses do not separate arguments. If there are sequences of preprocessing tokens within the list of arguments that would otherwise act as preprocessing directives, the behavior is undefined.

(See also undefined behavior 87 of Annex J92.)

This rule also applies to the use of The scope of this rule includes using preprocessor directives in arguments to a any function where it is unknown whether or not the function is implemented using a macro. For example, This includes all standard library functions, such as memcpy(), printf(), and assert(), because any standard library function may be implemented as macrosa macro. (C24, 7.1.4, paragraph 1).

Noncompliant Code Example

...

In this noncompliant code example \[ [GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\], the author programmer uses preprocessor directives to specify platform-specific arguments to {{memcpy()}}. However, if {{memcpy()}} is implemented using a macro, the code results in undefined behavior.

Code Block
bgColor#FFCCCC
langc
#include <string.h>
 
void func(const char *src) {
  /* Validate the source string; calculate size */
  char *dest;
  /* malloc() destination string */ 
  memcpy(dest, src,
    #ifdef PLATFORM1
      12
    #else
      24
    #endif
  );
  /* ... */
}

Compliant

...

Solution

In this compliant solution \[ [GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\], the appropriate call to {{memcpy()}} is determined outside the function call.:

Code Block
bgColor#ccccff
langc
#include <string.h>

void func(const char *src) {
  /* Validate the source string; calculate size */
  char *dest;
  /* malloc() destination string */ 
  #ifdef PLATFORM1
    memcpy(dest, src, 12);
  #else
    memcpy(dest, src, 24);
  #endif
  /* ... */
}

Risk Assessment

Improper use of macros may result in Including preprocessor directives in macro arguments is undefined behavior.

Recommendation

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

PRE32-C

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Bibliography

Wiki Markup
\[[GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\] "Non-bugs"
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.10.3.1, "Argument substitution," paragraph 11

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
macro-argument-hashFully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE32Fully implemented
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.PREPROC.MACROARGPreprocessing directives in macro argument

ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.PRE32

Fully implemented

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0853

C++1072

Fully implemented
Klocwork

Include Page
Klocwork_V
Klocwork_V

MISRA.EXPANSION.DIRECTIVEFully implemented
LDRA tool suite
Include Page
LDRA_V
LDRA_V
341 SFully implemented
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-PRE32-a
Arguments to a function-like macro shall not contain tokens that look like preprocessing directives
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

436, 9501

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule PRE32-CChecks for preprocessor directive in macro argument (rule fully covered)
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
macro-argument-hashFully checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[GCC Bugs]"Non-bugs"
[ISO/IEC 9899:2024]6.10.5, "Macro Replacement"


...

Image Added Image Added Image AddedPRE31-C. Avoid side-effects in arguments to unsafe macros      01. Preprocessor (PRE)      02. Declarations and Initialization (DCL)