...
| Code Block | ||
|---|---|---|
| ||
void set_flag(int number, int *sign_flag) {
if (sign_flag == NULL) {
return;
}
if (number >= 0) { /* account for number being 0 */
*sign_flag = 1;
} else {
assert( number < 0);
*sign_flag = -1;
}
}
void func(int number) {
int sign;
set_flag(number, &sign);
/* use sign */
}
|
...
| Wiki Markup |
|---|
In this non-compliant code example, the programmer mistakenly fails to set the local variable {{error_log}} to the {{msg}} argument in the {{report_error()}} function \[[mercy 06|AA. C References#mercy 06]\]. Because {{error_log}} has not been initialized, on architectures making use of a program stack, it assumes the value already on the stack at this location, which is a pointer to the stack memory allocated to the {{password}} array. The {{sprintf()}} call copies data in {{password}} until a NULLnull byte is reached. If the length of the string stored in the {{password}} array is greater than the size of the {{buffer}} array, then a buffer overflow occurs. |
...