...
This noncompliant code example generates a sequence of 10 pseudorandom numbers using the `rand()` function. When `rand()` is not seeded, it uses 1 as a default seed. No matter how many times this code is executed, it always produces the same sequence.
```c
#include <stdio.h>
#include <stdlib.h>

int main(void) {
  for (int i = 0; i < 10; i++) {
    printf("%d\n", rand()); /* Always generates the same sequence */
  }
  return 0;
}
```

Output:

```
1st run: 41, 18467, 6334, 26500, 19169, 15724, 11478, 29358, 26962, 24464
2nd run: 41, 18467, 6334, 26500, 19169, 15724, 11478, 29358, 26962, 24464
...
nth run: 41, 18467, 6334, 26500, 19169, 15724, 11478, 29358, 26962, 24464
```
Compliant Solution (C Standard)
Use `srand()` before `rand()` to seed the random sequence generated by `rand()`. The code produces a different sequence of 10 random numbers on each run.
```c
#include <stdio.h>
#include <stdlib.h>
#include <time.h>

int main(void) {
  /* Create seed based on current time counted as seconds from 01/01/1970 */
  srand((unsigned int)time(NULL));
  for (int i = 0; i < 10; i++) {
    printf("%d\n", rand()); /* Generates different sequences at different runs */
  }
  return 0;
}
```

Output:

```
1st run: 25121, 15571, 29839, 2454, 6844, 10186, 27534, 6693, 12456, 5756
2nd run: 25134, 25796, 2992, 403, 15334, 25893, 7216, 27752, 12966, 13931
3rd run: 25503, 27950, 22795, 32582, 1233, 10862, 31243, 24650, 11000, 7328
...
```
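Because `time(NULL)` changes only once per second, two runs seeded within the same second still produce identical sequences. The following added example (not part of the original page) checks that property and shows one way to seed from operating-system entropy instead. The helper names `same_sequence` and `seed_rand` are hypothetical, and the presence of a POSIX-style `/dev/urandom` is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>

#define SEQ_LEN 10

/* Seed rand() and record the first SEQ_LEN values it returns. */
static void sequence_for_seed(unsigned int seed, int out[SEQ_LEN]) {
  srand(seed);
  for (int i = 0; i < SEQ_LEN; i++) {
    out[i] = rand();
  }
}

/* Return 1 if two seeds yield the same SEQ_LEN-value sequence, else 0. */
int same_sequence(unsigned int seed_a, unsigned int seed_b) {
  int a[SEQ_LEN], b[SEQ_LEN];
  sequence_for_seed(seed_a, a);
  sequence_for_seed(seed_b, b);
  return memcmp(a, b, sizeof a) == 0;
}

/* Seed from the OS entropy pool when available (assumption: a POSIX-style
 * /dev/urandom exists); otherwise fall back to the time(NULL) seed.
 * Returns 1 if OS entropy was used, 0 if the time fallback was used. */
int seed_rand(void) {
  unsigned int seed;
  FILE *f = fopen("/dev/urandom", "rb");
  if (f != NULL) {
    size_t got = fread(&seed, sizeof seed, 1, f);
    fclose(f);
    if (got == 1) {
      srand(seed);
      return 1;
    }
  }
  srand((unsigned int)time(NULL));
  return 0;
}

int main(void) {
  time_t now = time(NULL); /* two processes started in this second share it */
  printf("same second, same sequence: %d\n",
         same_sequence((unsigned int)now, (unsigned int)now));
  printf("next second, same sequence: %d\n",
         same_sequence((unsigned int)now, (unsigned int)now + 1u));
  printf("seeded from OS entropy: %d\n", seed_rand());
  return 0;
}
```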
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC18-C | | likely | | | |
...