...
In particular, do not default the test for nonzero. For instance, suppose a foo() function returns 0 to indicate failure or a nonzero value to indicate success. Testing for inequality with zero,
| Code Block | ||||
|---|---|---|---|---|
| ||||
if (foo() != 0) ... |
...
In this noncompliant code example, is_banned() returns zero if false and nonzero if true.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
LinkedList bannedUsers;
int is_banned(User usr) {
int x = 0;
Node cur_node = (bannedUsers->head);
while (cur_node != NULL) {
if(strcmp((char *)cur_node->data, usr->name) {
x++;
}
cur_node = cur_node->next;
}
return x;
}
void processRequest(User usr) {
if(is_banned(usr) == 1) {
return;
}
serveResults();
}
|
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP20-C | medium | probable | low | P12 | L1 |
Bibliography
| [StackOvflw 2009] | "Should I Return TRUE/FALSE Values from a C Function?" |
...