forked from github/codeql
LateNegativeTest.qhelp
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
This rule finds integer values that are first used to index an array and
subsequently tested for being negative. If it is relevant to perform this test
at all then it should probably happen <em>before</em> the indexing, not
after. Otherwise, if the value is negative then the program will have failed
before performing the test.
</p>
<include src="dataFlowWarning.qhelp" />
</overview>
<recommendation>
<p>
Check whether the value needs to be validated before it is used as an array
index, and double-check whether it is derived from user input. If the value
clearly cannot be negative then the negativity test is redundant and can be removed.
</p>
</recommendation>
<example>
<sample src="LateNegativeTest.cpp" />
</example>
</qhelp>
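The pattern this rule describes, next to a corrected form, as an added example: it is not the contents of `LateNegativeTest.cpp` (which this page does not show) and is not project code. The table `kLimits` and all function names are hypothetical.

```cpp
#include <cerrno>
#include <cstdlib>

// Constructed sample table for illustration.
static const int kLimits[] = {10, 20, 30, 40};
static const long kCount = sizeof(kLimits) / sizeof(kLimits[0]);

// Flagged pattern: idx indexes the array first and is tested afterwards.
// Shown for contrast only; calling it with idx < 0 is undefined behaviour.
bool lookup_late_check(int idx, int *out) {
    int value = kLimits[idx];   // the read happens here, whatever idx is
    if (idx < 0) {              // too late: the access above has already run
        return false;
    }
    *out = value;
    return true;
}

// Corrected form: test first, then index. The upper bound is checked as
// well, since a value that may be negative is usually not trusted at all.
bool lookup_checked(long idx, int *out) {
    if (idx < 0 || idx >= kCount) {
        return false;
    }
    *out = kLimits[idx];
    return true;
}

// Index derived from user input: reject text that is not a complete decimal
// number or that overflows long, then apply the range check before indexing.
bool lookup_from_text(const char *text, int *out) {
    if (text == nullptr) {
        return false;
    }
    errno = 0;
    char *end = nullptr;
    long idx = std::strtol(text, &end, 10);
    if (end == text || *end != '\0' || errno == ERANGE) {
        return false;
    }
    return lookup_checked(idx, out);
}
```
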