Parenthesize all parameter names in macro definitions. See also PRE00-A. Prefer inline functions to macros and PRE02-A. Macro replacement lists should be parenthesized.
Non-Compliant Code Example
This CUBE()
macro definition is non-compliant because it fails to parenthesize the parameter names.
#define CUBE(I) (I * I * I) int a = 81 / CUBE(2 + 1);
As a result, the invocation
int a = 81 / CUBE(2 + 1);
expands to
int a = 81 / (2 + 1 * 2 + 1 * 2 + 1); /* evaluates to 11 */
which is clearly not the desired result.
Compliant Solution
Parenthesizing all parameter names in the CUBE()
macro allows it to expand correctly (when invoked in this manner).
#define CUBE(I) ( (I) * (I) * (I) ) int a = 81 / CUBE(2 + 1);
Exceptions
When the parameter names are surrounded by commas in the replacement text, regardless of how complicated the actual arguments are, there is no need for parenthesizing the macro parameters. Since commas have lower precedence than any other operator, there is no chance of the actual arguments being parsed in a surprising way.
#define FOO(a, b, c) bar(a, b, c) /* ... */ FOO(arg1, arg2, arg3);
When token pasting, stringization, and string concatenation are desired, the arguments must not be parenthesized individually.
#define JOIN(a, b) (a ## b) #define SHOW(a) printf(#a " = %d\n", a)
Risk Assessment
Failing to parenthesize the parameter names in a macro can result in unintended program behavior.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
PRE01-A |
1 (low) |
1 (unlikely) |
3 (low) |
P3 |
L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[Plum 85]]
[[Summit 05]] Question 10.1
[[ISO/IEC 9899-1999]] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"
PRE00-A. Prefer inline functions to macros 01. Preprocessor (PRE) PRE02-A. Macro replacement lists should be parenthesized