Comparing a function pointer to a value that is not a null function pointer of the same type shall be diagnosed, because such a comparison typically indicates programmer error and can result in unexpected behavior. Implicit comparisons (for example, using a function designator directly as the controlling expression of an if statement) shall be diagnosed as well.
Noncompliant Code Example
...
This noncompliant code example is from an actual vulnerability (VU#837857) discovered in some versions of the X Window System server. The vulnerability exists because the programmer neglected to provide the open and close parentheses following the geteuid function identifier. As a result, the expression geteuid evaluates to the address of the function rather than to the effective user ID, and that address is never equal to zero. The right-hand operand of the || operator is therefore always true, the condition of the if statement is always true, and access is granted to the protected block for all users. Many compilers issue a warning for such pointless expressions, so this coding error is normally detected by adherence to recommendation MSC00-C. Compile cleanly at high warning levels.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: EXP16-CPP. Avoid errors of omission
ISO/IEC TR 24772 "KOA Likely Incorrect Expressions"
MITRE CWE: CWE-482, "Comparing instead of Assigning"
MITRE CWE: CWE-480, "Use of Incorrect Operator"
Bibliography
[Hatton 1995] Section 2.7.2, "Errors of omission and addition"
[ISO/IEC PDTR 24772] "KOA Likely Incorrect Expressions"
[MITRE 2007] CWE ID 482, "Comparing instead of Assigning," http://cwe.mitre.org/data/definitions/482.html; CWE ID 480, "Use of Incorrect Operator," http://cwe.mitre.org/data/definitions/480.html
...