...
Rule:
...
Always
...
check
...
parameters
...
on
...
functions
...
callable
...
from
...
outside
...
code.
...
Thoughts:
...
For
...
example,
...
on
...
an
...
exported
...
function
...
that
...
takes
...
two
...
integers
...
(both
...
of
...
which
...
should
...
be
...
non-negative),
...
we
...
could
...
do
...
this:
| Code Block |
|---|
// callable from outside code int myfunc(int a, int b) { if ((a < 0) \|\| (b < 0)) return \-1; return myfunc_internal(a, b); } // callable only from my code - can assume sanitized parameters int myfunc_internal(int a, int b) { ... } |