If a relation exists between constants, you should encode the relationship in the definitions. Do not give two independent definitions, because a maintainer may fail to preserve that relationship when modifying the code. As a corollary, do not encode an impermanent or false relationship between constants, because future modifications may result in an incorrect definition for the dependent constant.
In this noncompliant code example, the definition for OUT_STR_LEN
must always be two greater than the definition of IN_STR_LEN
. The following definitions fail to embody this relationship:
enum { IN_STR_LEN=18, OUT_STR_LEN=20 }; |
A programmer performing maintenance on this program would need to identify the relationship and modify both definitions accordingly. Although this sort of error appears relatively benign, it can easily lead to serious security vulnerabilities, such as buffer overflows.
The declaration in this compliant solution embodies the relationship between the two definitions:
enum { IN_STR_LEN=18, OUT_STR_LEN=IN_STR_LEN+2 }; |
As a result, a programmer can reliably modify the program by changing the definition of IN_STR_LEN
.
In this noncompliant code example, a relationship is established between two constants where none exists:
enum { ADULT_AGE=18 }; /* Misleading; relationship established when none exists */ enum { ALCOHOL_AGE=ADULT_AGE+3 }; |
A programmer performing maintenance on this program may modify the definition for ADULT_AGE
but fail to recognize that the definition for ALCOHOL_AGE
has also been changed as a consequence.
This compliant solution does not assume a relationship where none exists:
enum { ADULT_AGE=18 }; enum { ALCOHOL_AGE=21 }; |
Failing to properly encode relationships in constant definitions may lead to the introduction of defects during maintenance. These defects could potentially result in vulnerabilities, for example, if the affected constants were used for allocating or accessing memory.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL08-C | Low | Unlikely | High | P1 | L3 |
Tool | Version | Checker | Description |
---|
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
SEI CERT C++ Coding Standard | VOID DCL08-CPP. Properly encode relationships in constant definitions |
[Plum 1985] | Rule 1-4 |