The arguments to a macro must not include preprocessor directives, such as #define
, #ifdef
, and #include
. Doing so results in undefined behavior, according to the C Standard, 6.10.3, paragraph 11 [ISO/IEC 9899:2011]:
The sequence of preprocessing tokens bounded by the outside-most matching parentheses forms the list of arguments for the function-like macro. The individual arguments within the list are separated by comma preprocessing tokens, but comma preprocessing tokens between matching inner parentheses do not separate arguments. If there are sequences of preprocessing tokens within the list of arguments that would otherwise act as preprocessing directives, the behavior is undefined.
See also undefined behavior 93.
This rule also applies to the use of preprocessor directives in arguments to a function where it is unknown whether or not the function is implemented using a macro. For example, standard library functions, such as memcpy()
, printf()
, and assert()
, may be implemented as macros.
Noncompliant Code Example
In this noncompliant code example [GCC Bugs], the programmer uses preprocessor directives to specify platform-specific arguments to memcpy()
. However, if memcpy()
is implemented using a macro, the code results in undefined behavior.
#include <string.h> void func(const char *src) { /* Validate the source string; calculate size */ char *dest; /* malloc() destination string */ memcpy(dest, src, #ifdef PLATFORM1 12 #else 24 #endif ); /* ... */ }
Compliant Solution
In this compliant solution [GCC Bugs], the appropriate call to memcpy()
is determined outside the function call:
#include <string.h> void func(const char *src) { /* Validate the source string; calculate size */ char *dest; /* malloc() destination string */ #ifdef PLATFORM1 memcpy(dest, src, 12); #else memcpy(dest, src, 24); #endif /* ... */ }
Risk Assessment
Including preprocessor directives in macro arguments is undefined behavior.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE32-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | 24.04 | macro-argument-hash | Fully checked |
CodeSonar | 8.1p0 | LANG.PREPROC.MACROARG | Preprocessing directives in macro argument |
1.2 | CC2.PRE32 | Fully implemented | |
LDRA tool suite | 9.7.1 | 341 S | Fully implemented |
Parasoft C/C++test | 2023.1 | MISRA2004-19_9 | Implemented |
R2018a | Preprocessor directive in macro argument | You use a preprocessor directive in the argument to a function-like macro | |
PRQA QA-C | Unable to render {include} The included page could not be found. | 853 | |
PRQA QA-C++ | 1072 | ||
RuleChecker | 24.04 | macro-argument-hash | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[GCC Bugs] | "Non-bugs" |
[ISO/IEC 9899:2011] | 6.10.3, "Macro Replacement" |