If one definition affects another, embody the relationship in the definition; do not give two independent definitions.

Non-Compliant Coding Example

In this non-compliant code example, the definition of XX2 must always be two greater than the definition of XX. The following definitions fail to embody this relationship:

#define XX 5
#define XX2 7 /* misleading, no indication of relationship */

Consequently, a programmer performing maintenance on this program would need to identify the relationship and modify both definitions accordingly. While this sort of error appears relatively benign, it could easily lead to serious security vulnerabilities such as buffer overflows.

Compliant Solution

This pair of definitions embodies the relationship between the two definitions.

#define XX 5
#define XX2 (XX + 2)

As a result, a programmer could reliably modify the program by changing the definition of XX.
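The following is an added example, not part of the original guideline, showing how independent definitions drift apart during maintenance and leave a buffer too small. The names HDR_LEN, PAYLOAD_MAX, FRAME_STALE and FRAME_MAX and the 2-byte-header frame format are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names: a frame is a 2-byte length header plus a payload. */
#define HDR_LEN     2
#define PAYLOAD_MAX 8   /* plays the role of XX; maintenance raised it from 5 */
#define FRAME_STALE 7   /* independent copy of XX2, still the old 5 + 2 */
#define FRAME_MAX   (PAYLOAD_MAX + HDR_LEN)  /* derived XX2, follows PAYLOAD_MAX */

/* Build-time guard. The same check on FRAME_STALE would stop the build,
 * which is one way to catch drift in definitions that cannot be derived. */
_Static_assert(FRAME_MAX >= PAYLOAD_MAX + HDR_LEN, "frame must hold header + payload");

/* Bytes by which a buffer of frame_cap falls short of a full frame (0 = fits). */
size_t frame_shortfall(size_t frame_cap)
{
    size_t need = (size_t)PAYLOAD_MAX + HDR_LEN;
    return frame_cap >= need ? 0 : need - frame_cap;
}

/* Bounds-checked encoder: returns the frame length, or -1 if it does not fit. */
int encode_frame(uint8_t *out, size_t out_cap, const uint8_t *payload, size_t len)
{
    if (len > PAYLOAD_MAX || len + HDR_LEN > out_cap)
        return -1;
    out[0] = (uint8_t)(len >> 8);      /* big-endian length header */
    out[1] = (uint8_t)(len & 0xff);
    memcpy(out + HDR_LEN, payload, len);
    return (int)(len + HDR_LEN);
}

int main(void)
{
    const uint8_t payload[PAYLOAD_MAX] = {1, 2, 3, 4, 5, 6, 7, 8}; /* constructed sample */
    uint8_t stale[FRAME_STALE], ok[FRAME_MAX];

    printf("stale buffer short by %zu bytes, encode -> %d\n",
           frame_shortfall(sizeof stale),
           encode_frame(stale, sizeof stale, payload, sizeof payload));
    printf("derived buffer short by %zu bytes, encode -> %d\n",
           frame_shortfall(sizeof ok),
           encode_frame(ok, sizeof ok, payload, sizeof payload));
    return 0;
}
```

Only the explicit capacity check in encode_frame keeps the stale buffer from being overrun; code that trusted FRAME_STALE to match PAYLOAD_MAX would write three bytes past its end.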

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| PRE07-A | 1 (low) | 1 (unlikely) | 2 (medium) | P2 | L3 |

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
