...
In this noncompliant code example, the addresses of the POSIX functions getuid and geteuid are compared against 0 instead of the values the functions return. Because no function's address is null, the first subexpression always evaluates to false (zero) and the second always to true (nonzero). The whole expression is therefore a constant true, so the privilege check it was meant to implement never takes effect, a potential security vulnerability.
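The defect described above, as an added example that is not part of the original page: the noncompliant form omits the call parentheses and so compares function addresses, and the compliant form beside it makes the calls. The helper names are mine, and the code assumes a POSIX system where <unistd.h> declares getuid and geteuid.

```c
#include <stdio.h>
#include <unistd.h>

/* Added example (not the CERT page's own code). The helper names are
 * hypothetical; it assumes a POSIX <unistd.h> with getuid/geteuid. */

/* Noncompliant: getuid and geteuid are never called. The operands are
 * the functions' addresses, so `getuid == 0` is always 0 and
 * `geteuid != 0` is always 1; the condition is a constant 1 no matter
 * which user runs the program. Compilers flag this (gcc -Waddress,
 * clang's "always false/true" diagnostics), but only as warnings. */
int privileged_check_noncompliant(void) {
  if (getuid == 0 || geteuid != 0) {
    return 1;
  }
  return 0;
}

/* Compliant: with the parentheses the comparison is made against the
 * real and effective user IDs of the running process. */
int privileged_check_compliant(void) {
  if (getuid() == 0 || geteuid() != 0) {
    return 1;
  }
  return 0;
}

/* Reference value computed directly from the IDs, so the compliant
 * helper can be checked against the process's actual state while the
 * noncompliant helper is shown to ignore it. */
int expected_from_ids(void) {
  return (getuid() == 0 || geteuid() != 0) ? 1 : 0;
}

int main(void) {
  printf("noncompliant: %d (always 1, whatever the IDs)\n",
         privileged_check_noncompliant());
  printf("compliant:    %d (uid=%u euid=%u)\n",
         privileged_check_compliant(),
         (unsigned)getuid(), (unsigned)geteuid());
  return 0;
}
```

Building with -Wall (gcc) or the default clang warnings reports the address comparison; treating those warnings as errors in CI is the simplest way to keep this class of defect out of a privilege check.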
...
References
[Hatton 95] Section 2.7.2, "Errors of omission and addition"
[ISO/IEC PDTR 24772] "KOA Likely Incorrect Expressions"
[MITRE 07] CWE ID 482, "Comparing instead of Assigning" (http://cwe.mitre.org/data/definitions/482.html); CWE ID 480, "Use of Incorrect Operator" (http://cwe.mitre.org/data/definitions/480.html)
...