...
| Code Block | ||
|---|---|---|
| ||
void set_flag(int number, int *sign_flag) {
if (sign_flag == NULL) {
return;
}
if (number > 0) {
*sign_flag = 1;
}
else if (number < 0) {
*sign_flag = -1;
}
}
void func(int number) {
int sign;
set_flag(number, &sign);
/* use sign */
}
|
Compilers assume that when the address of an uninitialized variable is passed to a function, the variable is initialized within that function. Because compilers frequently fail to diagnose any resulting failure to initialize the variable, the programmer must apply additional scrutiny to ensure the correctness of the code.
...
| Code Block | ||
|---|---|---|
| ||
void set_flag(int number, int *sign_flag) {
if (sign_flag == NULL) {
return;
}
if (number >= 0) { /* account for number being 0 */
*sign_flag = 1;
} else {
assert(number < 0);
*sign_flag = -1;
}
}
void func(int number) {
int sign;
set_flag(number, &sign);
/* use sign */
}
|
Noncompliant Code Example
...
The Coverity Prevent UNINIT checker can find cases of an uninitialized variable being used before it is initialized, although it cannot detect cases of uninitialized members of a struct. Because Coverity Prevent cannot discover all violations of this rule further verification is necessary.
Klocwork Version 8.0.4.16 can detect violations of this rule with the UNINIT.HEAP.MIGHT, UNINIT.HEAP.MUST, UNINIT.STACK.ARRAY.MIGHT, UNINIT.STACK.ARRAY.MUST, UNINIT.STACK.ARRAY.PARTIAL.MUST, and UNINIT.STACK.MUST checkers.* checkers. See Klocwork Cross Reference
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...