Information for Editors
To have a new guideline automatically listed above be sure to label it pre and rule.

Risk Assessment Summary

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

PRE30-CLowUnlikelyMedium

P2

L3

PRE31-CLowUnlikelyLow

P3

L3

PRE32-CLowUnlikelyMedium

P2

L3

Related Rules and Recommendations


2 Comments

  1. PCLint has error 553 (see http://gimpel-online.com/MsgRef.html), which identifies undefined preprocessor macros that are used in a macro context, such as #if. Do we need a secure coding rule about this?

    1. It's not uncommon to reference an undefined macro in the #if directive:

      #if HAVE_SOME_FEATURE
        /* use SOME feature */
      #else
        /* work around the absence of SOME feature */
      #endif
      

      When HAVE_SOME_FEATURE is not defined by the configuration script it's treated as if its value was 0. That said, some compilers (EDG eccp being one) have an option to make it possible to diagnose these usually benign cases.