Common typo patterns that change application logic

ID: c.miscellaneous.typos

Severity: low

Resource: Miscellaneous

Language: C / C++

Description

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways. This rule also covers some other common typo patterns.

Rationale

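A mistyped operator still compiles, but the code no longer does what was intended. In the example below, the condition (left = 0) assigns 0 to left instead of comparing against it. The condition is therefore always false, so die("badlen") is never reached, and the following left-- leaves left at -1. The loop's test on left stays true, and the copy is bounded only by the terminating NUL of src rather than by the length limit.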

The following code illustrates a vulnerable pattern detected by this rule:

int left;

while (*src && left)
{
	*dst++ = *src++;
	// VULNERABLE: Common typo patterns that change application logic
	if (left = 0)
	{
		die("badlen");
	}
	left--;
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
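
The typo next to its one-character fix, as an added example that is not part of the original rule documentation. The function names, the return value standing in for die("badlen"), and the sample input are assumptions made for the demonstration.

```c
#include <stddef.h>
#include <stdio.h>
/* Lets the typo compile under -Werror for this demo only. In a real build,
   keep -Wparentheses (enabled by -Wall in GCC and Clang) so it is reported. */
#pragma GCC diagnostic ignored "-Wparentheses"

/* The page's loop; returns the number of bytes written to dst. */
size_t copy_typo(char *dst, const char *src, int left)
{
    size_t n = 0;
    while (*src && left) {
        *dst++ = *src++;
        n++;
        if (left = 0)   /* assignment: sets left to 0, condition is false */
            return 0;   /* stands in for die("badlen"); never reached */
        left--;         /* left is now -1, so the loop test stays true */
    }
    return n;
}

/* Same loop with the comparison restored: left is no longer clobbered,
   so the loop test ends the copy after `left` bytes. */
size_t copy_fixed(char *dst, const char *src, int left)
{
    size_t n = 0;
    while (*src && left) {
        *dst++ = *src++;
        n++;
        if (left == 0)
            return 0;
        left--;
    }
    return n;
}

typedef size_t (*copy_fn)(char *, const char *, int);
/* Constructed input: 16 bytes into a 64-byte buffer, so the typo variant
   stays in bounds here even though it ignores the limit. */
size_t run(copy_fn f, int limit)
{
    char dst[64] = {0};
    return f(dst, "0123456789abcdef", limit);
}

int main(void)
{
    printf("typo: %zu, fixed: %zu\n", run(copy_typo, 4), run(copy_fixed, 4));
    return 0;
}
```

With a limit of 4, the typo variant writes all 16 source bytes while the corrected variant stops at 4.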

Configuration

This detector does not need any configuration.