Wiki Markup #define}}, {{\#ifdef}}, and {{\#include}}. Doing so is [undefined behavior|BB. Definitions#undefined behavior], according to Section so results in undefined behavior, according to the C Standard, 6.10.35, Paragraph 11 of the C99 Standard \[[paragraph 11 [ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\]. 2024]:
The sequence of preprocessing tokens bounded by the outside-most matching parentheses forms the list of arguments for the function-like macro. The individual arguments within the list are separated by comma preprocessing tokens, but comma preprocessing tokens between matching inner parentheses do not separate arguments. If there are sequences of preprocessing tokens within the list of arguments that would otherwise act as preprocessing directives, the behavior is undefined.
(See also undefined behavior 87 of Annex J93.)
This rule also applies to the use of The scope of this rule includes using preprocessor directives in arguments to a any function where it is unknown whether or not the function is implemented using a macro. For example, This includes all standard library functions, such as memcpy(), printf(), and assert(), because any standard library function may be implemented as macrosa macro. (C24, 7.1.4, paragraph 1).
Noncompliant Code Example
...
In this noncompliant code example \[ [GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\], the author programmer uses preprocessor directives to specify platform-specific arguments to {{memcpy()}}. However, if {{memcpy()}} is implemented using a macro, the code results in undefined behavior.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <string.h> void func(const char *src) { /* Validate the source string; calculate size */ char *dest; /* malloc() destination string */ memcpy(dest, src, #ifdef PLATFORM1 12 #else 24 #endif ); /* ... */ } |
Compliant
...
Solution
In this compliant solution [GCC Bugs], the appropriate call to memcpy() is determined outside the function call:Wiki Markup
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <string.h> void func(const char *src) { /* Validate the source string; calculate size */ char *dest; /* malloc() destination string */ #ifdef PLATFORM1 memcpy(dest, src, 12); #else memcpy(dest, src, 24); #endif /* ... */ } |
Risk Assessment
Improper use of macros may result in Including preprocessor directives in macro arguments is undefined behavior.
Recommendation
low
unlikely
medium
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
PRE32-C |
Low |
Unlikely |
Medium | P2 | L3 |
Related Guidelines
ISO/IEC 9899:1999 Section 6.10.3.1, "Argument substitution," paragraph 11
Bibliography
| Wiki Markup |
|---|
\[[GCC Bugs|http://gcc.gnu.org/bugs.html#nonbugs_c]\] "Non-bugs" |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| macro-argument-hash | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-PRE32 | Fully implemented | ||||||
| CodeSonar |
| LANG.PREPROC.MACROARG | Preprocessing directives in macro argument | ||||||
| CC2.PRE32 | Fully implemented | |||||||
| Helix QAC |
| C0853 C++1072 | Fully implemented | ||||||
| Klocwork |
| MISRA.EXPANSION.DIRECTIVE | Fully implemented | ||||||
| LDRA tool suite |
| 341 S | Fully implemented | ||||||
| Parasoft C/C++test |
| CERT_C-PRE32-a | Arguments to a function-like macro shall not contain tokens that look like preprocessing directives | ||||||
| PC-lint Plus |
| 436, 9501 | Fully supported | ||||||
| CERT C: Rule PRE32-C | Checks for preprocessor directive in macro argument (rule fully covered) | |||||||
| RuleChecker |
| macro-argument-hash | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
| [GCC Bugs] | "Non-bugs" |
| [ISO/IEC 9899:2024] | 6.10.5, "Macro Replacement" |
...
PRE31-C. Avoid side-effects in arguments to unsafe macros 01. Preprocessor (PRE) 02. Declarations and Initialization (DCL)