Page History

...

The header stdio.h defines the BUFSIZ macro, which expands to an integer constant expression that is the size of the buffer used by the setbuf() function. This noncompliant code example defeats the purpose of defining BUFSIZ as a constant by assuming its value in the following expression:

...

This compliant solution uses the identifier assigned to the constant value in the expression.:

Code Block

bgColor	#ccccff
lang	c

#include <stdio.h>
/* ... */
nblocks = 1 + (nbytes - 1) / BUFSIZ;

...

Assuming the value of an expression diminishes the maintainability of code and can produce unexpected behavior under any circumstances in which the constant changes.

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
EXP07-C

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Tool	Version	Checker	Description

Section
LDRA tool suite

Axivion Bauhaus Suite

Include Page

LDRA

	Axivion Bauhaus Suite_V

LDRA

	Axivion Bauhaus Suite_V

Section
201 S

Section
Fully Implemented

PRQA QA-C Include PagePRQA_VPRQA_V3120

Partially Implemented

CertC-EXP07

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C3120, C3121, C3122, C3123, C3131, C3132

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

201 S

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

...

Coding Standard

...

VOID EXP07-CPP. Do not diminish the benefits of constants by assuming their values in expressions

...

Bibliography

[Plum 1985]

Rule 1-5

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 41

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography