...
In this non-compliant example, the definition for OUT_STR_LEN must always be two greater than the definition of IN_STR_LEN. The following definitions fail to embody this relationship:
```c
enum { IN_STR_LEN=18, OUT_STR_LEN=20 }; /* misleading, no indication of relationship */
```
Consequently, a programmer performing maintenance on this program would need to identify the relationship and modify both definitions accordingly. While this sort of error appears relatively benign, it could easily lead to serious security vulnerabilities such as buffer overflows.
...
This pair of definitions embodies the relationship between the two definitions.
```c
enum { IN_STR_LEN=18, OUT_STR_LEN=IN_STR_LEN+2 };
```
As a result, a programmer could reliably modify the program by changing the definition of IN_STR_LEN.
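The following added example (not part of the original page) shows the derived constant sizing a real buffer, with a compile-time check that fails the build if the two values drift apart. The helper `wrap_in_brackets` and the assumption that the two extra bytes hold a pair of delimiters are hypothetical; the page does not say what the extra bytes are for.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Derived constant, as in the compliant solution: edit IN_STR_LEN only. */
enum { IN_STR_LEN = 18, OUT_STR_LEN = IN_STR_LEN + 2 };

/* C11 compile-time guard: the build breaks if a maintainer replaces the
 * expression above with a literal that no longer matches. */
_Static_assert(OUT_STR_LEN == IN_STR_LEN + 2,
               "OUT_STR_LEN must be IN_STR_LEN + 2");

/* Hypothetical helper (assumption): wraps `in` in brackets.
 * `in` must fit an IN_STR_LEN buffer including its terminating NUL.
 * Returns 0 on success, -1 if the input is too long. */
int wrap_in_brackets(const char *in, char out[OUT_STR_LEN])
{
    size_t n = strlen(in);

    if (n >= IN_STR_LEN) {
        return -1;              /* would overflow out[] by design */
    }
    out[0] = '[';
    memcpy(out + 1, in, n);
    out[n + 1] = ']';
    out[n + 2] = '\0';          /* worst case index: IN_STR_LEN + 1 */
    return 0;
}

int main(void)
{
    char out[OUT_STR_LEN];
    const char *longest = "12345678901234567";   /* constructed: 17 chars */

    if (wrap_in_brackets(longest, out) == 0) {
        printf("%s (%zu bytes used of %d)\n", out, strlen(out) + 1,
               (int)OUT_STR_LEN);
    }
    return 0;
}
```

With the non-compliant literals, raising IN_STR_LEN alone would leave `out` too small for the longest accepted input; here the static assertion and the derived definition both prevent that.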
Non-Compliant Coding Example
In this non-compliant example, a relationship is established between two constants where none exists:
```c
enum { ADULT_AGE=18 };
enum { ALCOHOL_AGE=ADULT_AGE+3 }; /* misleading, relationship established when none exists */
```
...
This compliant solution does not assume a relationship when none exists:
```c
enum { ADULT_AGE=18 };
enum { ALCOHOL_AGE=21 };
```
Risk Assessment
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| PRE07-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |
...