...
This recommendation is derived from and considers the implications of the following common conventions:(1)
- Functions return 0 if false, and non-zero if true [1].
...
- Function failures can typically be indicated by one of the following return values: -1
...
- or
...
- any non-zero number.
...
- Comparison functions return 0 if the arguments are equal and non-zero otherwise
...
- (such as the standard library function strcmp(), which has a trinary return value) [2])
Noncompliant Code Example
...
Function status can typically be indicated by returning -1 on failure, or any nonnegative number on success. While this is a common convention in the standard C library, it is discouraged in guideline recommendation ERR02-C. Avoid in-band error indicators.
...
In an attempt to leave the previous logic intact, the developer just replaces the strcmp with a call to their new function. However, doing so would produce produces incorrect behavior. In the case above, any user which who inputs an incorrect password is granted access. Again, two conventions conflict and produce code that is easily corrupted when modified. To make code maintainable and to avoid these conflicts, such a result should never be defaulted.
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP20-C | medium | probable | low | P8 | L2 |
Related Guidelines
Bibliography
Wiki Markup
...
03. Expressions (EXP) EXP30-C. Do not depend on order of evaluation between sequence points