
Incorporate diagnostic tests into your program. One convenient mechanism for this is the assert() macro.

The assert macro expands to a void expression:

#include <assert.h>
void assert(scalar expression);

When it is executed, if expression (which must have a scalar type) is false, the assert macro writes information about the particular call that failed (including the text of the argument, the name of the source file, the source line number, and the name of the enclosing function) on the standard error stream in an implementation-defined format and calls the abort() function.
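The following added example (not part of the original page) shows assertions used as diagnostic tests for internal invariants, while conditions that can legitimately occur at run time are reported through return codes. The `queue_t` type and the `queue_*` functions are hypothetical names chosen for illustration. Defining `NDEBUG` before including `<assert.h>` removes every `assert()` call, so none of the asserted expressions has side effects.

```c
#include <assert.h>
#include <string.h>   /* memset; also provides size_t and NULL */

#define BUF_CAP 8u

/* Hypothetical fixed-size byte queue used only for this example. */
typedef struct {
    unsigned char data[BUF_CAP];
    size_t head;   /* index of the oldest byte */
    size_t len;    /* number of stored bytes, always <= BUF_CAP */
} queue_t;

/* Internal invariants: a violation means a defect in the code, so assert. */
static void queue_check(const queue_t *q) {
    assert(q != NULL);
    assert(q->head < BUF_CAP);
    assert(q->len <= BUF_CAP);
}

void queue_init(queue_t *q) {
    assert(q != NULL);
    memset(q, 0, sizeof *q);
}

/* A full queue is an expected condition, not a defect: return an error code. */
int queue_push(queue_t *q, unsigned char b) {
    queue_check(q);
    if (q->len == BUF_CAP) return -1;
    q->data[(q->head + q->len) % BUF_CAP] = b;
    q->len++;
    queue_check(q);   /* postcondition: invariants still hold */
    return 0;
}

int queue_pop(queue_t *q, unsigned char *out) {
    queue_check(q);
    assert(out != NULL);
    if (q->len == 0) return -1;   /* empty queue: expected, not a defect */
    *out = q->data[q->head];
    q->head = (q->head + 1) % BUF_CAP;
    q->len--;
    queue_check(q);
    return 0;
}

int main(void) {
    queue_t q; unsigned char b = 0; queue_init(&q);
    return (queue_push(&q, 'A') == 0 && queue_pop(&q, &b) == 0 && b == 'A') ? 0 : 1;
}
```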

Risk Assessment

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

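| Rule    | Severity | Likelihood   | Remediation Cost | Priority | Level |
|---------|----------|--------------|------------------|----------|-------|
| MSC11-A | 1 (low)  | 1 (unlikely) | 3 (low)          | P3       | L3    |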

References

[ISO/IEC 9899-1999] Section 7.2.1, "Program diagnostics"
