Secure Coding mailing list archives

Re: C: initializing automatics


From: Andreas Saurwein <saurwein () uniwares com>
Date: Fri, 05 Dec 2003 02:48:17 +0000


At 3/12/2003 20:32 Wednesday, you wrote:
Given your example I can see a typical severe flaw: parameters. The 
function accepts all parameters without validating their value.
This is the same error which leads to buffer overflows. While it may not 
be critical with double values for a math function (besides a possible 
/0 error), it is critical for any application which deals with values 
which may be out of range.

Never trust that only and always valid parameters are passed.


2 things. 1) This function is in a library. One of the applications that uses 
this library will potentially call this function 500 x 80 x 1,000,000 
times (a credit risk Monte Carlo simulation). This function needs to be as 
fast as possible. 2) If you pass bad values in, the *WORST* that can 
happen is that you get a NAN return value. In our application, this can be 
a *VALID* result - i.e., we expect that the function may return NAN and 
treat it appropriately.


As I said, this may not be important for this very special function, 
although the function seems not to have even debug checks/assertions.


Your mention of calling that function zillions of times is not a valid 
point. Many operating system functions are called equally often, but you 
would not want them to accept any input.
For every function it depends on the context in which it may be called, where 
the parameters may come from and what consequences wrong parameters may have 
inside the function and outside it.


The point which is important for this class of errors is that the 
programmer is aware of it, even more so when the function is to be used in a 
library and the programmer cannot predict the calling function or the 
parameters.


Programming with security in mind is a habit, not a blessing or a necessity.

Andreas 
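As an added illustration (not code from this thread or its authors), a small C sketch of the split the reply argues for: the hot-path routine keeps only debug assertions, while the library's public entry point validates every parameter and returns NAN deliberately on bad input, so the caller can treat NAN as an expected result. All function names and the sample values are hypothetical.

```c
#include <assert.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical hot-path routine, as it might sit in a simulation library.
 * It trusts its caller; in debug builds assert() enforces that contract,
 * in release builds (-DNDEBUG) the checks vanish and cost nothing. */
static inline double ratio_fast(double value, double scale)
{
    assert(isfinite(value));
    assert(isfinite(scale) && scale > 0.0);
    return value / scale;
}

/* Public entry point. The library cannot know who calls it or where the
 * values come from, so every parameter is checked once here. Rejected
 * input yields NAN on purpose; *ok lets the caller distinguish a rejected
 * parameter from a NAN that valid arithmetic produced. */
double ratio_checked(double value, double scale, bool *ok)
{
    bool valid = isfinite(value) && isfinite(scale) && scale > 0.0;
    if (ok)
        *ok = valid;
    return valid ? ratio_fast(value, scale) : NAN;
}

/* Caller side: NAN is an expected outcome and is counted, never summed. */
size_t count_valid(const double *values, size_t n, double scale)
{
    size_t good = 0;
    for (size_t i = 0; i < n; i++) {
        bool ok;
        double r = ratio_checked(values[i], scale, &ok);
        if (ok && !isnan(r))
            good++;
    }
    return good;
}

/* Constructed sample: one NAN and one infinity mixed into ordinary values. */
const double SAMPLE[] = { 1.0, NAN, 3.0, INFINITY, -2.5 };
const size_t SAMPLE_LEN = sizeof SAMPLE / sizeof SAMPLE[0];
int main(void)
{
    printf("valid results: %zu of %zu\n", count_valid(SAMPLE, SAMPLE_LEN, 2.0), SAMPLE_LEN);
    printf("scale 0 -> %f\n", ratio_checked(1.0, 0.0, NULL));
    return 0;
}
```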
