...
A programmer performing maintenance on this program would need to identify the relationship and modify both definitions accordingly. While Although this sort of error appears relatively benign, it can easily lead to serious security vulnerabilities, such as buffer overflows.
...
The declaration in this compliant solution embodies the relationship between the two definitions.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { IN_STR_LEN=18, OUT_STR_LEN=IN_STR_LEN+2 };
|
...
In this noncompliant code example, a relationship is established between two constants where none exists.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { ADULT_AGE=18 };
/* misleading, relationship established when none exists */
enum { ALCOHOL_AGE=ADULT_AGE+3 };
|
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [Plum 1985] | Rule 1-4 |
...