...
Although the intent of the code may be to assign `b` to `a` and test the value of the result for equality to zero, it is very frequently a case of the programmer mistakenly using the assignment operator `=` instead of the equals operator `==`. Consequently, many compilers will warn about this condition, making this coding error detectable by adhering to MSC00-C. Compile cleanly at high warning levels.
Compliant Solution
When the assignment of `b` to `a` is not intended, this conditional block is now executed when `a` is equal to `b`.
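The cases described above, side by side, as an added example that is not part of the CERT text. The function names are hypothetical, and the pragma only silences the GCC/Clang `-Wparentheses` diagnostic so that the noncompliant form still builds where warnings are treated as errors.

```c
#include <stdio.h>

/* Noncompliant: '=' stores b into *a, and the branch is taken whenever
 * b is nonzero, regardless of what *a held before the test. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses" /* remove to see the warning */
int branch_noncompliant(int *a, int b) {
    if (*a = b) {
        return 1;
    }
    return 0;
}
#pragma GCC diagnostic pop

/* Compliant when no assignment is intended: '==' compares and leaves
 * *a untouched (the const qualifier lets the compiler enforce that). */
int branch_compare(const int *a, int b) {
    if (*a == b) {
        return 1;
    }
    return 0;
}

/* Compliant when the assignment is intended: assign in its own
 * statement, then test the stored value against zero explicitly. */
int branch_assign_then_test(int *a, int b) {
    *a = b;
    if (*a != 0) {
        return 1;
    }
    return 0;
}

int main(void) {
    int a = 5;
    int taken = branch_compare(&a, 7);
    printf("compare:      taken=%d a=%d\n", taken, a);

    taken = branch_noncompliant(&a, 7);   /* silently overwrites a */
    printf("noncompliant: taken=%d a=%d\n", taken, a);

    a = 5;
    taken = branch_assign_then_test(&a, 0);
    printf("assign+test:  taken=%d a=%d\n", taken, a);
    return 0;
}
```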
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| GCC | | | Can detect violations of this recommendation when the |
| Compass/ROSE | | | Could detect violations of this recommendation by identifying any assignment expression as the top-level expression in an |
| | | ASSIGCOND.GEN | |
| | | exprctxt | Fully implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
The CERT Oracle Secure Coding Standard for Java: EXP51-JG. Do not perform assignments in conditional expressions
ISO/IEC TR 24772 "KOA Likely incorrect expressions"
MITRE CWE: CWE-480, "Use of incorrect operator"
Bibliography
[Hatton 1995] Section 2.7.2, "Errors of omission and addition"
...