...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/* commentComment with end comment marker unintentionally omitted security_critical_function(); /* someSome other comment */ |
In this example, the call to the security-critical function is not executed. A reviewer examining this page could incorrectly assume that the code is executed.
In cases where execution If execution failure is the result of an accidental omission, it is useful to use an editor that provides syntax highlighting or formats the code to help identify issues like missing end-comment delimitorsdelimiters.
Because missing end delimitors delimiters are error prone and often viewed as a mistake, this approach is not recommended for commenting out code.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#if 0 /* useUse of critical security function no * longer necessary */ security_critical_function(); /* someSome other comment */ #endif |
The text inside a block of code commented out using #if, #ifdef, or #ifndef must still consist of valid preprocessing tokens. This means that the characters " and ' must each be paired just as in real C code, and the pairs must not cross line boundaries. In particular, an apostrophe within a contracted word looks like the beginning of a character constant. Consequently, natural-language comments and pseudocode should always be written between the comment delimiters /* and */ or following //.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
if (0) { /* useUse of critical security function no
* longer necessary, for now */
/*NOTREACHED*/
security_critical_function();
/* someSome other comment */
}
|
This code is an instance of exception MSC07-EX2 to MSC07-C. Detect and remove dead code.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
// */ /* commentComment, not syntax error */ f = g/**//h; /* equivalentEquivalent to f = g / h; */ //\ i(); /* partPart of a two-line comment */ /\ / j(); /* partPart of a two-line comment */ /*//*/ l(); /* equivalentEquivalent to l(); */ m = n//**/o + p; /* equivalentEquivalent to m = n + p; */ a = b //*divisor:*/c +d; /* interpretedInterpreted as a = b/c +d; in c90 * compiler and a = b+d; in c99 compiler */ |
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
/* Nice simple comment */ int i; /* counterCounter */ |
Risk Assessment
Confusion over which instructions are executed and which are not can lead to serious programming errors and vulnerabilities, including denial of service, abnormal program termination, and data integrity violation. This problem is mitigated by the use of interactive development environments (IDEs) and editors that use fonts, colors, or other mechanisms to differentiate between comments and code. However, the problem can still manifest itself, for example, when reviewing source code printed on a black-and-white printer.
...
Tool | Version | Checker | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Include Page | LDRA_V | LDRA_V | 119 S | Partially implemented. | GCC |
|
| Can detect violations of this rule when the | |||||||
| 119 S | Partially implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
ISO/IEC 9899:2011 Section 6.4.9, "Comments," and Section 6.10.1, "Conditional inclusion"
...
| MISRA-C | Rule 2.2 |
...
|
...
|
...
Bibliography
...
...