...
However, because the C standard requires the digit characters to have consecutive values, other operators may be used on them, subject to the following restrictions:
- The binary + operator may be used to add integer values from 0 to 9 to '0'.
- The binary - operator may be used to subtract character '0'.
- Relational operators <, <=, >, >= may be used to check whether a character or wide character is a digit.
Character types should be chosen and used in accordance with STR04-C. Use plain char for characters in the basic character set.
Noncompliant Code Example
The following example appears to check whether the value of a character variable is between 'a' and 'c' inclusive. However, because the C99 standard does not require the letter characters to be consecutive or in alphabetical order, the check might not work as expected.
```c
char ch = 'b';
if ( ( ch >= 'a' ) && ( ch <= 'c' ) ) {
  /* ... */
}
```
Compliant Solution
In this example, the specific check is enforced using compliant operations on character expressions.
```c
char ch = 't';
if ( ( ch == 'a' ) || ( ch == 'b' ) || ( ch == 'c' ) ) {
  /* ... */
}
```
Exceptions
STR09-EX1: It is OK to assume consecutive values for characters such as a~z on platforms where ASCII or Unicode is used. This rule is to raise awareness of platform portability, such as if the code is migrated from ASCII systems to non-ASCII systems.
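The following is an added example, not part of the original rule text. It generalizes the compliant solution to arbitrary lowercase letter ranges by comparing alphabet positions rather than character values, and it uses a constructed table of EBCDIC (code page 037) letter values to count how many non-letter code points a relational range check would accept after the kind of migration STR09-EX1 describes. The function names and the table are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet order is taken from this literal, not from character values. */
static const char LOWER[] = "abcdefghijklmnopqrstuvwxyz";

/* Position of ch in the alphabet (0..25), or -1 if it is not a lowercase
   letter. strchr compares for equality only, which the rule permits. */
int letter_index(char ch) {
    const char *p;
    if (ch == '\0') return -1;          /* strchr would match the terminator */
    p = strchr(LOWER, ch);
    return p ? (int)(p - LOWER) : -1;
}

/* Portable "lo <= ch <= hi" for lowercase letters: compares indices. */
int in_letter_range(char ch, char lo, char hi) {
    int i = letter_index(ch), l = letter_index(lo), h = letter_index(hi);
    return i >= 0 && l >= 0 && h >= 0 && l <= i && i <= h;
}

/* Digits are consecutive, so relational operators and - '0' are allowed. */
int digit_value(char ch) {
    return (ch >= '0' && ch <= '9') ? ch - '0' : -1;
}

/* Constructed table: EBCDIC (code page 037) values of 'a'..'z'. */
static const unsigned char EBCDIC_LOWER[26] = {
    0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87, 0x88, 0x89,
    0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97, 0x98, 0x99,
    0xA2, 0xA3, 0xA4, 0xA5, 0xA6, 0xA7, 0xA8, 0xA9
};

/* Number of non-letter code points a naive (ch >= lo && ch <= hi) test would
   accept under that encoding; -1 if lo or hi is not a lowercase letter. */
int ebcdic_false_accepts(char lo, char hi) {
    int l = letter_index(lo), h = letter_index(hi), n = 0;
    unsigned cp;
    if (l < 0 || h < 0) return -1;
    for (cp = EBCDIC_LOWER[l]; cp <= EBCDIC_LOWER[h]; cp++)
        if (memchr(EBCDIC_LOWER, (int)cp, sizeof EBCDIC_LOWER) == NULL) n++;
    return n;
}

int main(void) {
    printf("'b' in a..c: %d, '7' -> %d\n",
           in_letter_range('b', 'a', 'c'), digit_value('7'));
    printf("EBCDIC false accepts i..j: %d, a..z: %d\n",
           ebcdic_false_accepts('i', 'j'), ebcdic_false_accepts('a', 'z'));
    return 0;
}
```

The 'a' to 'c' range from the noncompliant example happens to be contiguous in this encoding, while a range that crosses 'i' to 'j' or 'r' to 's' is not, which is why such checks can pass testing and still misbehave after a port.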
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR09-C | low | unlikely | low | P3 | L3 |
...
This rule appears in the C++ Secure Coding Standard as STR07-CPP. Don't assume numeric values for expressions with type plain character.
...