...
The C Standard, 5.1.1.2, paragraph 4 [ISO/IEC 9899:20112024], says,
If a character sequence that matches the syntax of a universal character name is produced by token concatenation (6.10.35.3), the behavior is undefined.
...
GCC 4.8.1 on Linux refuses to compile this code; it complains of emits a diagnostic reading, "stray '\' in program," referring to the universal character fragment in the invocation of the assign
macro.
...
Code Block | ||||
---|---|---|---|---|
| ||||
#define assign(ucn, val) ucn = val;
void func(void) {
int \u0401;
/* ... */
assign(\u0401, 4);
/* ... */
} |
...
Creating a universal character name through token concatenation results in undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE30-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| universal-character-name-concatenation | Fully implemented | ||||||
| CertC-PRE30 | Fully implemented | |||||||
CodeSonar |
| LANG.PREPROC.PASTE LANG.PREPROC.PASTEHASH | Macro uses ## operator## follows # operator | ||||||
Cppcheck |
| preprocessorErrorDirective | Fully implemented | ||||||
Cppcheck Premium |
| preprocessorErrorDirective | Fully implemented | ||||||
Helix QAC |
| C0905 C++0064,C++0080 | Fully implemented | ||||||
Klocwork |
| MISRA.DEFINE.SHARP | Fully implemented | ||||||
LDRA tool suite |
| 573 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-PRE30-a | Avoid token concatenation that may produce universal character names | ||||||
| CERT C: Rule PRE30-C | Checks for universal character name from token concatenation (rule fully covered) | |||||||
RuleChecker |
| universal-character-name-concatenation | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
...
Bibliography
...
...