Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The header stdio.h defines the BUFSIZ macro, which expands to an integer constant expression that is the size of the buffer used by the setbuf() function. This noncompliant code example defeats the purpose of defining BUFSIZ as a constant by assuming its value in the following expression:

...

This compliant solution uses the identifier assigned to the constant value in the expression.:

Code Block
bgColor#ccccff
langc
#include <stdio.h>
/* ... */
nblocks = 1 + (nbytes - 1) / BUFSIZ;

...

Assuming the value of an expression diminishes the maintainability of code and can produce unexpected behavior under any circumstances in which the constant changes.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP07-C

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Tool

Version

Checker

Description

section

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-EXP07
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3120, C3121, C3122, C3123, C3131, C3132


LDRA tool suite
Include Page
LDRA_V
LDRA_V
section
201 S
section

Fully

Implemented

implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

...

ISO/IEC 9899:2011 Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"

Bibliography

[Plum 1985]Rule 1-5


...

Image Modified Image Modified Image Modified