Secure Coding mailing list archives
Re: C: initializing automatics
From: Brett Hutley <brett () hutley net>
Date: Thu, 04 Dec 2003 02:03:46 +0000
Andreas Saurwein wrote:

> At 1/12/2003 22:51 Monday, you wrote:
>
>> I also try to initialize variables to *appropriate* values as soon
>> as they are declared. To take some code from my "Risk Quantify" project
>> (note how every variable is declared and initialized to a "good" value
>> as quickly as possible):
>>
>> -- 8< -- snip -- 8< --
>> RQ_EXPORT double
>> rq_pricing_digital(
>>     short cash,
>>     short call,
>>     double S,
>>     double X,
>>     double r_dom,
>>     double r_for,
>>     double sigma,
>>     double tau_e,
>>     double tau_d
>>     )
>> {
>>     double m = (call ? 1.0 : -1.0);
>> *snip*
>
> Given your example I can see a typical severe flaw: parameters. The
> function accepts all parameters without validating their value.
> This is the same error which leads to buffer overflows. While it may
> not be critical with double values for a math function (besides a
> possible /0 error), it is critical for any application which deals
> with values which may be out of range.
> Never trust that only and always valid parameters are passed.
Two things.

1) This function is in a library. One of the applications that uses this
library will potentially call this function 500 x 80 x 1,000,000 times (a
credit risk Monte Carlo simulation). This function needs to be as fast as
possible.

2) If you pass bad values in, the *WORST* that can happen is that you get a
NaN return value. In our application, this can be a *VALID* result - ie, we
expect that the function may return NaN and treat it appropriately.

-- 
Brett Hutley [MAppFin,CISSP,SANS GCIH]
mailto:[EMAIL PROTECTED]
http://hutley.net/brett
"He who learns from one who is learning drinks from a running stream"
- Native American Indian Expression
Current thread:
- Re: C: initializing automatics Brett Hutley (Dec 03)
- <Possible follow-ups>
- Re: C: initializing automatics Andreas Saurwein (Dec 04)