C programmers commonly make errors regarding the precedence rules of C operators due to the unintuitive low precedence levels of "&", "|", "^", "<<", and ">>". Mistakes regarding precedence rules can be avoided by the suitable use of parentheses. Using parentheses defensively reduces errors and, if not taken to excess, makes the code more readable.
Non-Compliant Code Example
The intent of the expression in this non-compliant code example is to test the least significant bit of x.
x & 1 == 0
Because of operator precedence rules, the expression is parsed as
x & (1 == 0)
which the compiler evaluates to
(x & 0)
and then to 0.
Compliant Solution
In this compliant solution, parentheses are used to ensure the expression evaluates as expected.
(x & 1) == 0
Risk Assessment
Mistakes regarding precedence rules may cause an expression to be evaluated in an unintended way. This can lead to unexpected and abnormal program behavior.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXP00-A |
1 (low) |
2 (probable) |
2 (medium) |
P4 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 6.5, "Expressions"
[[NASA-GB-1740.13]] Section 6.4.3, "C Language"
[[Dowd 06]] Chapter 6, "C Language Issues" (Precedence, pp. 287-288)
03. Expressions (EXP) 03. Expressions (EXP) EXP01-A. Do not take the size of a pointer to determine the size of a type