...
The examples in this rule show both correct and incorrect ways to handle comparisons of numbers representing different things (either single bytes or multibyte data structures). The NCCEs just add the numbers without regard to units, whereas the compliant solutions use typecasts to convert one number to the appropriate unit of the other number.
ROSE can catch both NCCEs by searching for pointer arithmetic expressions involving different units. The 'different units' part is tricky, but one can try to identify an expression's units using some simple heuristics:
- A pointer to a 'foo' object has 'foo' as the unit.
- A pointer to char * has unit 'byte'.
- Any sizeof or offsetof expression also has unit 'byte'.
- Any variable used in an index to an array of foo objects (e.g., foo[variable]) has 'foo' as the unit.
In addition to pointer arithmetic expressions, one can also hunt for array index expressions, as array[index] is merely shorthand for 'array + index'. But programmers will likely be more conscientious about using [] with correct units than when using pointer arithmetic.
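The following C program is an added example, not code from the original rule, showing the kind of unit mismatch the heuristics above would flag and its typecast fix. The names struct rec, pool, mixed_units_distance and same_units_distance are hypothetical; the pool is sized so that even the mis-scaled pointer stays inside the array and the behavior remains defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical record type used only for this illustration. */
struct rec {
    uint32_t id;
    uint32_t len;
    char     tag[8];
};

#define POOL_LEN 32
static struct rec pool[POOL_LEN];

/* Keeps pool + offsetof(...) inside the array, so the bad form is still defined. */
_Static_assert(offsetof(struct rec, tag) <= POOL_LEN, "pool too small for demo");

/* Noncompliant pattern: 'r' has unit 'struct rec', offsetof() has unit 'byte'.
 * The addition scales the byte offset by sizeof(struct rec). */
ptrdiff_t mixed_units_distance(void)
{
    struct rec *r = pool;
    char *p = (char *)(r + offsetof(struct rec, tag));
    return p - (char *)r;   /* bytes actually advanced */
}

/* Compliant pattern: cast to char * first so both operands have unit 'byte'. */
ptrdiff_t same_units_distance(void)
{
    struct rec *r = pool;
    char *p = (char *)r + offsetof(struct rec, tag);
    return p - (char *)r;   /* bytes actually advanced */
}

int main(void)
{
    printf("offsetof(tag)      = %zu bytes\n", offsetof(struct rec, tag));
    printf("sizeof(struct rec) = %zu bytes\n", sizeof(struct rec));
    printf("mixed units  moved = %td bytes\n", mixed_units_distance());
    printf("same units   moved = %td bytes\n", same_units_distance());
    return 0;
}
```

With a smaller array, the mixed-unit expression would compute a pointer past the end of the object, which is undefined behavior.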
...