
The lowercase letter 'l' (ell) is easily confused with the digit '1' (one). The confusion is particularly likely when the letter is used to indicate that an integer denotation is a long value. This rule is similar to DCL02-C. Use visually distinct identifiers.

Noncompliant Code Example

This noncompliant example prints the sum of an integer and a long value, although it appears that two integers 1111 are being added.

	printf("Sum is %ld\n", 1111 + 111l);

Compliant Solution

The compliant solution uses an uppercase 'L' instead of a lowercase 'l' to disambiguate the visual appearance.

	printf("Sum is %ld\n", 1111 + 111L);
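
One way to check source text for violations of this rule, as an added example that is not part of the original page: a simplified scanner that counts numeric constants whose suffix contains a lowercase 'l'. The function name and the sample input are constructed for illustration; the scanner also flags floating constants such as 1.0l and does not handle every lexical corner of C (for example, line splices).

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper (not from the CERT page): counts numeric constants whose
 * suffix contains a lowercase 'l'. Skips comments, literals and identifiers. */
size_t count_lowercase_l_suffixes(const char *s)
{
    size_t hits = 0;
    while (*s) {
        if (s[0] == '/' && s[1] == '*') {                 /* block comment */
            s += 2;
            while (*s && !(s[0] == '*' && s[1] == '/')) s++;
            if (*s) s += 2;
        } else if (s[0] == '/' && s[1] == '/') {          /* line comment */
            while (*s && *s != '\n') s++;
        } else if (*s == '"' || *s == '\'') {             /* string/char literal */
            char quote = *s++;
            while (*s && *s != quote) {
                if (*s == '\\' && s[1]) s++;              /* skip escaped char */
                s++;
            }
            if (*s) s++;
        } else if (isalpha((unsigned char)*s) || *s == '_') {   /* identifier */
            while (isalnum((unsigned char)*s) || *s == '_') s++;
        } else if (isdigit((unsigned char)*s)) {          /* numeric constant */
            int found = 0;
            /* 'l' is never a digit (even in hex), so it must be a suffix. */
            while (isalnum((unsigned char)*s) || *s == '.') {
                if (*s == 'l') found = 1;
                s++;
            }
            hits += found;
        } else {
            s++;
        }
    }
    return hits;
}

int main(void)
{
    /* Constructed sample: two violations (111l and 0x10ull). */
    const char *sample = "long a = 1111 + 111l; /* 111l */\n"
                         "long b = 1111 + 111L; unsigned long long c = 0x10ull;\n"
                         "const char *msg = \"dial 911l\"; int l1 = 1;\n";
    printf("lowercase-l suffixes: %zu\n", count_lowercase_l_suffixes(sample));
    return 0;
}
```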

Risk Assessment

Confusing a lower case letter 'l' (ell) with a digit '1' (one) when indicating that an integer denotation is a long value could lead to an incorrect value being written into code.

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
DCL16-C          low        unlikely     low                P3         L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as DCL16-CPP. Use 'L', not 'l', to indicate a long value.

This rule appears in the Java Secure Coding Standard as DCL01-J. Use 'L', not 'l', to indicate a long value.

References

  • Lockheed Martin 05 AV Rule 14, "Literal suffixes shall use uppercase rather than lowercase letters."
