...
Consequently, the result of the following noncompliant code depends upon unspecified behavior:
```c
#include <stdio.h>

int g;

int f(int i) {
  g = i;
  return i;
}

int main(void) {
  int x = f(1) + f(2);  /* Line B */
  printf("g = %d\n", g);
  /* ... */
  return 0;
}
```
This code may result in `g` being assigned the value `1`, or equally likely, being assigned the value `2`.
...
This compliant solution is independent of the order of evaluation of the operands and can only be interpreted in one way.
```c
#include <stdio.h>

int g;

int f(int i) {
  g = i;
  return i;
}

int main(void) {
  int x = f(1);
  x += f(2);
  printf("g = %d\n", g);
  /* ... */
  return 0;
}
```
This code always results in `g` being assigned the value `2`.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP10-C | medium | probable | medium | P8 | L2 |
Automated Detection
Compass/ROSE could detect violations of this rule by searching for the following pattern:
- Any expression that calls two functions between the same sequence points
- Those two functions both modify the value of a static variable
- That static variable's value is referenced by code following the expression
One could also violate the rule using dynamic memory passed to both functions, but that would be extremely difficult to detect using static analysis.
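The dynamic-memory variant mentioned above, shown as an added example that is not part of the original guideline: two functions write to the same heap object through a pointer, first within one expression (noncompliant) and then in separate statements (compliant). The names `struct audit`, `set_low`, `set_high`, `sum_unordered`, `sum_ordered`, and `last_writer_after` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical heap record that both callees modify through a pointer. */
struct audit {
  int last_writer;  /* id of the function that wrote most recently */
  int writes;       /* number of writes performed */
};

static int set_low(struct audit *a)  { a->last_writer = 1; a->writes++; return 10; }
static int set_high(struct audit *a) { a->last_writer = 2; a->writes++; return 20; }

/* Noncompliant: both calls are operands of one '+', so the order in which
 * they run, and therefore the final last_writer, is unspecified. */
int sum_unordered(struct audit *a) {
  return set_low(a) + set_high(a);
}

/* Compliant: separate statements put a sequence point between the calls,
 * so set_high() always writes last. */
int sum_ordered(struct audit *a) {
  int total = set_low(a);
  total += set_high(a);
  return total;
}

/* Runs fn on a fresh zeroed heap object, stores the sum in *sum_out, and
 * returns the resulting last_writer (or -1 if allocation fails). */
int last_writer_after(int (*fn)(struct audit *), int *sum_out) {
  struct audit *a = calloc(1, sizeof *a);
  if (a == NULL) {
    return -1;
  }
  *sum_out = fn(a);
  int writer = a->last_writer;
  free(a);
  return writer;
}

int main(void) {
  int sum = 0;
  int writer = last_writer_after(sum_unordered, &sum);
  printf("unordered: sum = %d, last_writer = %d (1 or 2)\n", sum, writer);
  writer = last_writer_after(sum_ordered, &sum);
  printf("ordered:   sum = %d, last_writer = %d (always 2)\n", sum, writer);
  return 0;
}
```

The returned sum is 30 in both versions; only the side effect on the shared object differs, which is why the dependence is easy to miss in review and testing.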
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...