Lower case letter 'l' (ell) can easily be confused with the digit '1' (one). This can be particularly confusing when indicating that an integer literal constant is a long value. This rule is similar to recommendation DCL02-C. Use visually distinct identifiers.
Likewise, you should use 'LL' rather than 'll' when indicating that an integer literal constant is a long long value.
Noncompliant Code Example
This noncompliant example highlights the result of adding an integer and a long value even though it appears that two integers 1111 are being added.
printf("Sum is %ld\n", 1111 + 111l);
Compliant Solution
The compliant solution improves readability by using an uppercase 'L' instead of a lowercase 'l' to disambiguate the visual appearance.
printf("Sum is %ld\n", 1111 + 111L);
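As an added example (not part of the CERT guideline), the following C scanner counts numeric literals whose suffix contains a lowercase 'l', which is one way to check a code base for this recommendation. The function name `count_lowercase_l_suffixes` and the sample input are constructed for illustration; the check goes beyond the plain `l` case and also flags `ll`, `ul` and the `long double` suffix in literals such as `1.0l`.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Skip a string or character literal; p points at the opening quote. */
static const char *skip_quoted(const char *p) {
    char q = *p++;
    while (*p && *p != q) {
        if (*p == '\\' && p[1]) p++;          /* step over escaped character */
        p++;
    }
    return *p ? p + 1 : p;
}

/* Count numeric literals in C source text whose suffix contains a lowercase
   'l' (111l, 10ul, 5ll). Comments, strings and identifiers are skipped. */
int count_lowercase_l_suffixes(const char *p) {
    int hits = 0;
    while (*p) {
        if (*p == '"' || *p == '\'') {
            p = skip_quoted(p);
        } else if (p[0] == '/' && p[1] == '/') {
            while (*p && *p != '\n') p++;
        } else if (p[0] == '/' && p[1] == '*') {
            const char *end = strstr(p + 2, "*/");
            p = end ? end + 2 : p + strlen(p);
        } else if (isalpha((unsigned char)*p) || *p == '_') {
            while (isalnum((unsigned char)*p) || *p == '_') p++;  /* identifier */
        } else if (isdigit((unsigned char)*p)) {
            const char *start = p, *s;
            while (isalnum((unsigned char)*p) || *p == '.') p++;  /* whole literal */
            for (s = p; s > start && strchr("uUlL", s[-1]); s--) {}  /* s = suffix start */
            if (memchr(s, 'l', (size_t)(p - s))) hits++;
        } else {
            p++;
        }
    }
    return hits;
}

int main(void) {
    /* Constructed sample input, not taken from any real code base. */
    const char *sample =
        "long a = 1111 + 111l;  /* 222l in a comment is ignored */\n"
        "long b = 1111 + 111L; unsigned long long c = 5ull;\n"
        "const char *s = \"77l\"; int val1l = 0;\n";
    printf("lowercase-l suffixes: %d\n", count_lowercase_l_suffixes(sample));
    return 0;
}
```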
Risk Assessment
Confusing a lower case letter 'l' (ell) with a digit '1' (one) when indicating that an integer denotation is a long value could lead to an incorrect value being written into code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL16-C | low | unlikely | low | P3 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: DCL16-CPP. Use 'L', not 'l', to indicate a long value
The CERT Oracle Secure Coding Standard for Java: DCL06-J. Use 'L', not 'l', to indicate a long value
Bibliography
Lockheed Martin 2005 AV Rule 14, "Literal suffixes shall use uppercase rather than lowercase letters."