If one definition affects another, encode the relationship in the definition; do not give two independent definitions. A corollary of this recommendation is not to encode transitory relationships in definitions.
In this non-compliant code example, the definition for OUT_STR_LEN must always be two greater than the definition of IN_STR_LEN. The following definitions fail to embody this relationship:

```c
enum { IN_STR_LEN=18, OUT_STR_LEN=20 };
```
Consequently, a programmer performing maintenance on this program would need to identify the relationship and modify both definitions accordingly. While this sort of error appears relatively benign, it could easily lead to serious security vulnerabilities such as buffer overflows.
The declaration in this compliant solution embodies the relationship between the two definitions:

```c
enum { IN_STR_LEN=18, OUT_STR_LEN=IN_STR_LEN+2 };
```

As a result, a programmer can reliably modify the program by changing only the definition of IN_STR_LEN.
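To show why the relationship matters in practice, here is an added example that is not part of the original page: a hypothetical function that wraps the input in double quotes, so the output record needs exactly two more bytes than the input. The names `quote_into_record` and the record semantics are assumptions; a `_Static_assert` makes the invariant checkable at compile time rather than leaving it for a maintainer to remember.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical lengths for this example: the output record must hold the
 * input plus two wrapping quote characters. Defining OUT_STR_LEN in terms
 * of IN_STR_LEN preserves the invariant when IN_STR_LEN is changed; the
 * static assertion documents the relationship and fails the build if a
 * later edit breaks it (e.g. someone rewrites OUT_STR_LEN as a literal). */
enum { IN_STR_LEN = 18, OUT_STR_LEN = IN_STR_LEN + 2 };
_Static_assert(OUT_STR_LEN == IN_STR_LEN + 2,
               "OUT_STR_LEN must be exactly IN_STR_LEN + 2");

/* Writes `"` + in + `"` into a fixed-width record of OUT_STR_LEN bytes
 * (no NUL terminator, as in fixed-width record layouts). Returns the number
 * of bytes written, or 0 if the input would not fit. Because the bound
 * check uses IN_STR_LEN and the buffer size is derived from it, the copy
 * can never exceed OUT_STR_LEN. */
size_t quote_into_record(const char *in, char out[OUT_STR_LEN]) {
    size_t n = strlen(in);
    if (n > IN_STR_LEN) {
        return 0;               /* refuse rather than overflow or truncate */
    }
    out[0] = '"';
    memcpy(&out[1], in, n);
    out[1 + n] = '"';
    return n + 2;               /* <= IN_STR_LEN + 2 == OUT_STR_LEN */
}

int main(void) {
    char record[OUT_STR_LEN];
    size_t written = quote_into_record("hello", record);
    printf("wrote %zu of %d bytes: %.*s\n",
           written, OUT_STR_LEN, (int)written, record);
    return 0;
}
```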
In this non-compliant code example, a relationship is established between two constants where none exists:

```c
enum { ADULT_AGE=18 };
enum { ALCOHOL_AGE=ADULT_AGE+3 }; /* misleading: relationship established when none exists */
```
Consequently, a programmer performing maintenance on this program may modify the definition for ADULT_AGE but fail to recognize that the definition for ALCOHOL_AGE has also been changed as a consequence.
This compliant solution does not assume a relationship when none exists:

```c
enum { ADULT_AGE=18 };
enum { ALCOHOL_AGE=21 };
```
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
DCL08-A | 1 (low) | 1 (unlikely) | 1 (high) | P1 | L3
Search for vulnerabilities resulting from the violation of this rule on the CERT website.