If a constant value is given for a given identifier, do not diminish the modifiability of the code in which it is used by assuming its value in expressions. Just giving the constant a name is not enough to ensure modifiability; you must be careful always to use the name, and remember that the value could change. This is related to DCL06-A. Use meaningful symbolic constants to represent literal values in program logic.
Non-Compliant Coding Example
This non-compliant coding example defeats the purpose of defining BUFSIZ as a constant by assuming its value in the following expression:
nblocks = nbytes >> 9; /* hard to modify, uses "magic number" */
The assumption is that "everyone knows that BUFSIZ equals 512," and right-shifting nine bits is the same (for positive numbers) as dividing by 512. However, if BUFSIZ changes to 1024 on some systems, modifications are difficult and error-prone.
Compliant Solution
This compliant solution uses the identifier assigned the constant value in the expression.
nblocks = nbytes / BUFSIZ;
Most modern C compilers will optimize this code appropriately.
Risk Assessment
Improper use of macros may result in unexpected arithmetic results.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXP10-A |
1 (low) |
1 (unlikely) |
2 (medium) |
P2 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[Plum 85]] Rule 1-5
[[ISO/IEC 9899-1999]] Section 6.10, "Preprocessing directives," and Section 5.1.1, "Translation environment"