ATH-neg-check-nonneg
Synopsis
A variable is checked for a non-negative value after being used, instead of before.
Enabled by default
Yes
Severity/Certainty
Low/High

Full description
A function parameter or index is used in a context that implicitly asserts that it is not negative (for example as an allocation size, a copy length, or an array subscript), but it is not determined to be non-negative until after that use. A check that follows the use does not protect the use: if the value actually is negative, the damage has already been done. Passing a negative int where a size_t is expected converts it to a very large unsigned value, so the result can be a huge allocation or copy, an out-of-bounds access, corrupted data, a crash, or an exploitable security vulnerability.
Coding standards
This check does not correspond to any coding standard rules.
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
int foo(int p)
{
    int *x = malloc(p); // use: p is converted to size_t here, which
                        // implicitly asserts that p is not negative
    if (p < 0)          // check: too late, malloc() has already run
        return 0;
    return p;
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
int foo(int p)
{
    int *x;
    if (p < 0)          // check first ...
        return 0;
    x = malloc(p);      // ... then use: OK, p is known to be non-negative
    return p;
}