You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 50 Next »

Parenthesize all parameter names in macro definitions. See also PRE00-A. Prefer inline functions to macros and PRE02-A. Macro replacement lists should be parenthesized.

Non-Compliant Code Example

This CUBE() macro definition is non-compliant because it fails to parenthesize the parameter names.

#define CUBE(I) (I * I * I)
int a = 81 / CUBE(2 + 1);

As a result, the invocation

int a = 81 / CUBE(2 + 1);

expands to

int a = 81 / (2 + 1 * 2 + 1 * 2 + 1);  /* evaluates to 11 */

which is clearly not the desired result.

Compliant Solution

Parenthesizing all parameter names in the CUBE() macro allows it to expand correctly (when invoked in this manner).

#define CUBE(I) ( (I) * (I) * (I) )
int a = 81 / CUBE(2 + 1);

Exceptions

PRE01-EX1: When the parameter names are surrounded by commas in the replacement text, regardless of how complicated the actual arguments are, there is no need for parenthesizing the macro parameters. Because commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way.

#define FOO(a, b, c) bar(a, b, c)
/* ... */
FOO(arg1, arg2, arg3);

PRE01-EX2: Macro parameters cannot be individually parenthesized when concatenating tokens using the ## operator, converting macro parameters to strings using the # operator, or concatenating adjacent string literals. The JOIN() macro below concatenates both arguments to form a new token. The SHOW() macro converts the single argument into a string literal, which is then concatenated with the adjacent string literal to form the format specification in the call to printf().

#define JOIN(a, b) (a ## b)
#define SHOW(a) printf(#a " = %d\n", a) 

See PRE05-A. Understand macro replacement when concatenating tokens for more information on using the ## operator to concatenate tokens.

Risk Assessment

Failing to parenthesize the parameter names in a macro can result in unintended program behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

PRE01-A

1 (low)

1 (unlikely)

3 (low)

P3

L3

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[Plum 85]]
[[Summit 05]] Question 10.1
[[ISO/IEC 9899-1999]] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"


PRE00-A. Prefer inline functions to macros      01. Preprocessor (PRE)       PRE02-A. Macro replacement lists should be parenthesized

  • No labels