Secure Coding mailing list archives
Re: Variable comparisons
From: der Mouse <mouse () Rodents Montreal QC CA>
Date: Wed, 03 Dec 2003 17:35:13 +0000
[if (constant == variable) as defense against s/==/=/]

> [M]y erstwhile manager complained about lack of readability, since as you point out:
> > This is counter to the way we generally tend to think when writing mathematical expressions,

Well, yes, but mathematical expressions rarely include anything very much like programming-language assignments.

> Meanwhile, even while I still worked there, I tried to avoid assignments within conditionals....

-Wparentheses -Werror is your friend. :-) Even if you don't use gcc for your production builds, with a suitable bunch of warning options it makes a fairly nice lint-alike. In some circumstances it doesn't even have to be ported to your target, or even build, platform. (Depending on the lint, I sometimes think it's better than lint. The more paranoid will of course use both....)

/~\ The ASCII                           der Mouse
\ / Ribbon Campaign
 X  Against HTML               [EMAIL PROTECTED]
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
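
An added illustration, not part of the original post: the s/==/=/ typo in two access checks, showing what the constant-first ordering can and cannot catch and what -Wparentheses -Werror rejects. The session struct, role values and function names are hypothetical.

```c
#include <stdio.h>

enum { ROLE_USER = 1, ROLE_ADMIN = 2 };
struct session { int uid; int role; };   /* hypothetical type */

/* Silenced only so this demo builds under any flags. Delete the three
 * pragma lines and run: gcc -Wparentheses -Werror -fsyntax-only demo.c
 * Both buggy functions are then rejected at compile time. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"

/* '=' typed for '=='. Stores ROLE_ADMIN (nonzero) into s->role, so the
 * test is always true. ROLE_ADMIN = s->role would not have compiled. */
int is_admin_buggy(struct session *s)
{
    if (s->role = ROLE_ADMIN)
        return 1;
    return 0;
}

/* Same typo with two variables. Constant-first ordering cannot help
 * because both operands are assignable; only the warning catches it. */
int owns_buggy(struct session *s, int owner_uid)
{
    if (s->uid = owner_uid)
        return 1;
    return 0;
}

#pragma GCC diagnostic pop

int is_admin(const struct session *s) { return ROLE_ADMIN == s->role; }
int owns(const struct session *s, int owner_uid) { return s->uid == owner_uid; }

int main(void)
{
    struct session a = { 1000, ROLE_USER }, b = { 1000, ROLE_USER };
    printf("correct: admin=%d owns(42)=%d\n", is_admin(&a), owns(&a, 42));
    printf("buggy:   admin=%d owns(42)=%d\n", is_admin_buggy(&b), owns_buggy(&b, 42));
    /* The typo also overwrote the session state it was meant to inspect. */
    printf("after buggy calls: uid=%d role=%d\n", b.uid, b.role);
    return 0;
}
```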