...
The header stdio.h
defines the BUFSIZ
macro, which expands to an integer constant expression that is the size of the buffer used by the setbuf()
function. This noncompliant code example defeats the purpose of defining BUFSIZ
as a constant by assuming its value in the following expression:
...
This compliant solution uses the identifier assigned to the constant value in the expression.:
Code Block | ||||
---|---|---|---|---|
| ||||
#include <stdio.h> /* ... */ nblocks = 1 + (nbytes - 1) / BUFSIZ; |
...
Assuming the value of an expression diminishes the maintainability of code and can produce unexpected behavior under any circumstances in which the constant changes.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP07-C |
Low |
Unlikely |
Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|
Axivion Bauhaus Suite |
|
|
|
Section |
---|
201 S |
Section |
---|
Fully Implemented |
Fully Implemented
CertC-EXP07 | |||||||||
Helix QAC |
| C3120, C3121, C3122, C3123, C3131, C3132 | |||||||
LDRA tool suite |
| 201 S | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
...
Bibliography
[Plum 1985] | Rule 1-5 |
...