
Rule: Always check parameters on functions callable from outside your code.
Thoughts:
Validate at the trust boundary: put the checks in the exported function and keep the real work in an internal function that may assume its arguments have already been sanitized, so the validation is done exactly once and cannot be bypassed. For example, for an exported function that takes two integers (both of which should be non-negative), we could do this:
    // callable only from my code - can assume sanitized parameters
    // (declared before use; static keeps it out of the exported symbol table)
    static int myfunc_internal(int a, int b);

    // callable from outside code
    int myfunc(int a, int b)
    {
        if ((a < 0) || (b < 0))
            return -1;
        return myfunc_internal(a, b);
    }

    static int myfunc_internal(int a, int b)
    {
        ...
    }
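As an added example (not code from the original page), the same wrapper pattern carried a little further: the exported `area()` rejects negatives and also a product that would overflow `int`, and a second pair, `copy_record()` / `copy_record_internal()`, applies the rule to a pointer-plus-length parameter. Function names, `RECORD_MAX` and the internal bodies are hypothetical choices made for the illustration.

```c
#include <stddef.h>
#include <string.h>
#include <limits.h>

/* Internal helper (hypothetical): trusted callers only. Assumes a >= 0,
 * b >= 0 and that a * b fits in an int. static keeps it unreachable
 * from outside this translation unit, so the wrapper cannot be bypassed. */
static int area_internal(int a, int b)
{
    return a * b;
}

/* Exported entry point: the only route outside code has to area_internal.
 * Returns -1 for any argument the internal function is not prepared for. */
int area(int a, int b)
{
    if (a < 0 || b < 0)
        return -1;
    if (a != 0 && b > INT_MAX / a)   /* product would overflow int */
        return -1;
    return area_internal(a, b);
}

/* Same rule for a buffer parameter: the exported wrapper validates the
 * pointers and the length, the internal copy assumes they are sane.
 * RECORD_MAX is a hypothetical limit chosen for this example. */
#define RECORD_MAX 64

static size_t copy_record_internal(char *dst, const char *src, size_t len)
{
    memcpy(dst, src, len);
    dst[len] = '\0';
    return len;
}

/* dst must have room for RECORD_MAX + 1 bytes.
 * Returns the number of bytes copied, or 0 if the input was rejected. */
size_t copy_record(char *dst, const char *src, size_t len)
{
    if (dst == NULL || src == NULL)
        return 0;
    if (len == 0 || len > RECORD_MAX)
        return 0;
    return copy_record_internal(dst, src, len);
}
```

The overflow check uses division rather than multiplying and comparing, because signed overflow in C is undefined behaviour and a compiler may remove a check written as `a * b < 0`.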