...
Providing an expression that appears to produce side effects may be misleading to programmers who are not aware that these expressions are not evaluated. As a result, programmers may make invalid assumptions about program state leading to errors and possible software vulnerabilities.
Non-Compliant Code Example
In this example, the variable a will still have a value 14 after b has been initialized.
| Code Block |
|---|
int main(void) {
int a = 14;
int b = sizeof(a++);
...
return 0;
}
|
The expression a++ is not evaluated. Consequently, side effects in the expression are not executed.
Implementation Specific Details
This example compiles cleanly under Microsoft Visual Studio 2005 Version 8.0, with the /W4 option.
Compliant Solution
In this compliant solution, the variable a is incremented.
| Code Block |
|---|
int main(void) {
int a = 14;
int b = sizeof(a);
a++;
...
return 0;
}
|
Implementation Specific Details
...
| Include Page | ||||
|---|---|---|---|---|
|
| Include Page | ||||
|---|---|---|---|---|
|
Priority: P3 Level: L3
Operands to the sizeof operator which contain side effects are unlikely to result in software vulnerabilties, but can also be easily remediated.
...