Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added Axivion Bauhaus entry to Automated Detection table

The C Standard defines a set of predefined macros (see subclause 6.10.8) to help the user determine if the implementation being used is a conforming implementation, and if so, to which version of the C Standard it conforms.   These macros can also help the user to determine which of the standard features are implemented.

The following tables below list these macros and indicate in which version of the C Standard they were introduced. The following macros are required in C11.:

Macro NameC90C99C11

__STDC__

C89

C99

C11

__STDC_HOSTED__

 


 C99

C11

__STDC_VERSION__1

(C94)


C99

C11

__DATE__

C89

C99

C11

__FILE__

C89

C99

C11

__LINE__

C89

C99

C11

__TIME__

C89

 C99

C11

  1) __STDC_VERSION__ was introduced by an Amendment to C90, this version of the C Standard is commonly call C94 

   The following are optional environment macros in C11.:

Macro NameC90C99C11

__STDC_ISO_10646__

 


C99

C11

__STDC_MB_MIGHT_NEQ_WC__

 


C99

C11

__STDC_UTF_16__

 



 

C11

__STDC_UTF_32__

 



 

...

C11

  

 The The following are optional feature macros in C11.:

Macro NameC90C99C11

__STDC_ANALYZABLE__

 

 

C11



__STDC_IEC_559__

 


C99

C11

__STDC_IEC_559_COMPLEX__

 


C99

C11

__STDC_LIB_EXT1__ 

 



 

 C11

C11

__STDC_NO_ATOMICS__

 

 



__STDC_NO_COMPLEX__

 

 

C11



__STDC_NO_THREADS__

 



 

C11

__STDC_NO_VLA__ 

 

 

C11

 



 The following is optional in C11 and is defined by the user:

Macro NameC90C99C11
__STDC_WANT_LIB_EXT1__ 

 
  C11

Noncompliant Code Example (Checking

...

Value of

...

Predefined Macro)

The value a C Standard predefined macro macros should never be tested for a value before the macro is tested to make sure it is definedtested for definition, as shown in this noncompliant code example:

Code Block
bgColor#FFcccc
langc
#include <stdio.h>

int main(void) {
  #if (__STDC__ == 1)
    printf("Implementation is ISO-conforming.\n");
  #else
    printf("Implementation is not ISO-conforming.\n");
  #endif
  /* ... */

  return 0;
}

Compliant Solution (Testing for

...

Definition of

...

Macro)

In this compliant examplesolution, the definition of the predefined macro __STDC__ is tested before the value of the macro is tested:

Code Block
bgColor#FFcccc#ccccff
langc
#include <stdio.h>

int main(void) {
  #if defined(__STDC__)
    #if (__STDC__ == 1)
      printf("Implementation is ISO-conforming.\n");
    #else
      printf("Implementation is not ISO-conforming.\n");
    #endif
  #else   /* !defined(__STDC__) */
    printf("__STDC__ is not defined.\n");
  #endif
  /* ... */
  return 0;
}

Compliant Solution (Test for Optional

...

Feature)

The follow example This compliant solution tests to see if the C11 predefined macro __STDC_ANALYZABLE__ is defined and what value the implementation has given the macro:

Code Block
bgColor#ccccff
langc
#include <stdio.h>
 
int main(void) {
  #if defined (__STDC__)
    #if defined(__STDC_VERSION__) && (__STDC_VERSION__ >= 201112L)  /* C11 */
      #if defined(__STDC_ANALYZABLE__)
        #if (__STDC_ANALYZABLE__ == 1)
	      printf("Compiler conforms to Annex L (Analyzability).\n");
        #else
	      printf("Compiler does not support Annex L (Analyzability).\n");
        #endif
      #else
        printf("__STDC_ANALYZABLE__ is not defined.\n");
      #endif
    #else
      printf("Compiler not C11.\n");
    #endif
  #else
    printf("Compiler not Standard C.\n");
  #endif
 
  return 0;
}

Compliant Solution (Optional Language Features)

The following example This compliant solution checks for the C11 optional language features in Annex K.  If If Annex K is supported by the implementation, the functions defined in Annex K are used, ; if Annex K is not supported, then the Standard standard library functions are used.   (See DCL09-C. Declare functions that return errno with a return type of errno_t.)

Code Block
bgColor#ccccff
langc
#if defined(__STDC_LIB_EXT1__)
  #if (__STDC_LIB_EXT1__ >= 201112L)
    #define USE_EXT1 1
    #define __STDC_WANT_LIB_EXT1__ 1 /* wantWant the ext1 functions */
  #endif
#endif
 
#include <string.h>
#include <stdlib.h>
 
int main(void) {
  char source_msg[] = "This is a test.";
  char *msg = malloc(sizeof(source_msg) + 1);
 
  if (msg != NULL) {
    #if defined(USE_EXT1)
      strcpy_s(msg, sizeof msg, source_msg);
    #else
      strcpy(msg, source_msg);
    #endif
  } 
  else {
    return EXIT_FAILURE;
  }
  return 0;
}

Compliant Solution (Optional Language Features)

The previous compliant solution comes close to violating PRE09-C. Do not replace secure functions with deprecated or obsolescent functions, and would if a function-like macro were defined which called either strcpy_s() or strcpy() depending on if USE_EXT1 were defined.  This compliant solution solves the problem by including a custom library that implements the optional language feature, which in this case is the Safe C Library available from SourceForge.

Code Block
bgColor#ccccff
langc
#if defined(__STDC_LIB_EXT1__)
  #if (__STDC_LIB_EXT1__ >= 201112L)
    #define USE_EXT1 1
    #define __STDC_WANT_LIB_EXT1__ 1 /* Want the ext1 functions */
  #endif
#endif
 
#include <string.h>
#include <stdlib.h>

#if !defined(USE_EXT1)
  #include "safe_str_lib.h"
#endif
  
int main(void) {
  char source_msg[] = "This is a test.";
  char *msg = malloc(sizeof(source_msg) + 1);
 
  if (msg != NULL) {
    strcpy_s(msg, sizeof msg, source_msg);
  } 
  else {
    return EXIT_FAILURE;
  }
  return 0;
}

Risk Assessment

Not testing for language features , or the version of the implementation being used can lead to unexpected or undefined program behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

PRE13-C

low

Low

probable

Probable

low

Low

P6

L2

 

Automated Detection

 

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-PRE13
LDRA tool suite
Include Page
LDRA_V
LDRA_V


Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ISO/IEC TR 24772:2013Pre-processor Directives [NMP]
[
ISO/IEC 9899:2011
]

6.10.8, "Predefined macro names"

K.3.7.1, "Copying functions"

...


...

Image Modified Image Modified Image Modified