Risk Assessment Summary
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE30-C | Low | Unlikely | Medium | P2 | L3 |
PRE31-C | Low | Unlikely | Low | P3 | L3 |
PRE32-C | Low | Unlikely | Medium | P2 | L3 |
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
PRE30-C | Low | Unlikely | Medium | P2 | L3 |
PRE31-C | Low | Unlikely | Low | P3 | L3 |
PRE32-C | Low | Unlikely | Medium | P2 | L3 |
2 Comments
David Svoboda
PCLint has error 553 (see http://gimpel-online.com/MsgRef.html), which identifies undefined preprocessor macros that are used in a macro context, such as #if. Do we need a secure coding rule about this?
Martin Sebor
It's not uncommon to reference an undefined macro in the
#if
directive:When
HAVE_SOME_FEATURE
is not defined by the configuration script it's treated as if its value was 0. That said, some compilers (EDG eccp being one) have an option to make it possible to diagnose these usually benign cases.