
...

Code Block
bgColor#FFCCCC
langcpp

/*
 * Noncompliant example: stores the sign of number through sign_flag, but
 * only for nonzero values. When number is 0 neither branch runs, so the
 * object sign_flag points to is left exactly as the caller passed it.
 */
void set_flag(int number, int *sign_flag) {
  if (sign_flag == NULL) {
    return;
  }
  if (number > 0) {
    *sign_flag = 1;
  }
  else if (number < 0) {
    *sign_flag = -1;
  }
  /* No final else: number == 0 falls through without writing *sign_flag. */
}

/*
 * Noncompliant example: sign has no initializer and is handed to the
 * set_flag() of this listing, which does not write it when number is 0.
 * Any later read of sign on that path uses an indeterminate value.
 */
void func(int number) {
  int sign;  /* declared without an initializer */

  set_flag(number, &sign);
  /* use sign */
}

...

Code Block
bgColor#ccccff
langcpp

/*
 * Compliant solution: writes the sign of number through sign_flag on every
 * path that has a valid pointer. Zero is treated as non-negative, so the
 * result is 1 for number >= 0 and -1 otherwise. A null sign_flag is ignored.
 */
void set_flag(int number, int *sign_flag) {
  if (!sign_flag) {
    return;
  }
  /* Only two outcomes remain, so no value of number can skip the store. */
  *sign_flag = (number < 0) ? -1 : 1;
}

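/*
 * Compliant solution: obtains the sign of number via set_flag() and then
 * uses it. sign is given an initial value as well, so it holds a defined
 * value even if a callee returns without storing through the pointer.
 */
void func(int number) {
  int sign = 0;  /* defense in depth: never indeterminate, whatever set_flag() does */

  set_flag(number, &sign);
  /* use sign */
}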

...

Code Block
bgColor#FFCCCC
langcpp

#include <stdio.h>
#include <ctype.h>
#include <string.h>

/*
 * Stub for the example's login step. Per the comment in the body it is meant
 * to read a username and password and return -1 when they are invalid; the
 * listing shows no implementation and no return statement.
 * NOTE(review): presumably the example relies on credential data handled
 * here remaining in memory that report_error() later reaches through its
 * uninitialized pointer -- confirm against the rule text.
 */
int do_auth(void) {
  char *username;
  char *password;

  /* Get username and password from user, return -1 if invalid */
}

/*
 * Noncompliant example: error_log is never assigned, so sprintf() reads
 * through an indeterminate pointer. The msg argument is not used at all.
 */
void report_error(const char *msg) {
  const char *error_log;  /* no initializer; never set to msg */
  char buffer[24];

  /*
   * Formats whatever error_log happens to point at. sprintf() is also given
   * no bound for the 24-byte buffer.
   */
  sprintf(buffer, "Error: %s", error_log);
  printf("%s\n", buffer);
}

/*
 * Driver for the example: runs the login step and reports a fixed message
 * when it signals failure with -1. Always exits with status 0.
 */
int main(void) {
  const int auth_status = do_auth();

  if (auth_status == -1) {
    report_error("Unable to login");
  }
  return 0;
}

...

Code Block
bgColor#ffcccc
langcpp

/*
 * Still noncompliant: error_log is now initialized from msg, but sprintf()
 * writes with no length limit. "Error: " takes 7 bytes and the terminator 1,
 * so any msg longer than 16 characters overruns the 24-byte buffer.
 */
void report_error(const char *msg) {
  const char *error_log = msg;  /* initialized at declaration */
  char buffer[24];

  /* Unbounded write: output length depends entirely on the caller's msg. */
  sprintf(buffer, "Error: %s", error_log);

  printf("%s\n", buffer);
}

...

Code Block
bgColor#ccccff
langcpp

/* Capacity of report_error's formatting buffer, terminator included. */
enum {max_buffer = 24};

/*
 * Compliant solution: the pointer is initialized at its declaration and the
 * formatted text is bounded by the buffer size, so a long msg is truncated
 * instead of written past the end of buffer.
 */
void report_error(const char *msg) {
  char buffer[max_buffer];
  const char *error_log = msg;

  /* snprintf() writes at most sizeof buffer bytes, including the NUL. */
  snprintf(buffer, sizeof buffer, "Error: %s", error_log);

  cout << buffer;
  cout << endl;
}

...

Code Block
bgColor#ccccff
langcpp

/*
 * Compliant solution: streams the prefix and msg directly, so there is no
 * local pointer to leave uninitialized and no fixed-size buffer to overrun.
 */
void report_error(const char *msg) {
  cout << "Error: ";
  cout << msg;
  cout << endl;
}

...

Klocwork can detect violations of this rule with the UNINIT.* checkers.  See Klocwork Cross Reference

Tool

Version

Checker

Description

 PRQA QA-C++

 
Include Page
PRQA QA-C++_v
PRQA QA-C++_v

2961,2962,2963,2966,

2967,2968,2971,2972,

2973,2976, 2977, 2978

 

 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

[Flake 06]
[ISO/IEC 14882-2003] Section 8.5 Initializers.
[Lockheed Martin 05] AV Rule 142 All variables shall be initialized before use.
[ISO/IEC PDTR 24772] "LAV Initialization of Variables"
[mercy 06]

...
