Compared to many languages, C++ is a little harder to master in terms of secure coding. There are plenty of guidelines that provide advice regarding how to and how not to avoid security risks in C++ programs. One of the most popular issues that we discussed in Chapter 1, Building C++ Applications, is using preprocessor macros. The example we used had the following macro:
#define DOUBLE_IT(arg) (arg * arg)
Improper use of this macro leads to logic errors that are hard to spot. In the following code, the programmer expects to get 16 printed to the screen:
int res = DOUBLE_IT(3 + 1);
std::cout << res << std::endl;
The output is 7. The issue here is with the missing parentheses around the arg parameter; that is, the preceding macro should be rewritten as follows:
#define DOUBLE_IT(arg) ((arg) * (arg))
Although this example is popular, we strongly suggest...