ASSIGCOND.CALL
Function call in assignment in conditional statement
The ASSIGCOND.CALL checker finds conditional statements in which the right part of an assignment expression is a function call.
Vulnerability and risk
This checker typically finds syntax errors, usually cases in which an assignment operator is used mistakenly instead of a comparison operator. If the error isn't corrected, unintended program behavior is likely to occur.
Vulnerable code example
class A{
    void foo(int);
    int qq();
};
void A::foo(int i)
{
    if(i=qq()){}
}
In the code example, Klocwork has flagged line 7 because the right side of the assignment expression in the if statement appears to be a function call.
Fixed code example 1
class A{
    void foo(int);
    int qq();
};
void A::foo(int i)
{
    if(i==qq()) {}
}
In this fixed code, the assignment operator has been replaced with the intended comparison operator.
Fixed code example 2
class A{
    void foo(int);
    int qq();
};
void A::foo(int i)
{
    if((i=qq()) !=0) {}
}
In this fixed code, brackets have been used to make the assignment syntax clear.
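The following is an added example, not part of the Klocwork documentation. It puts the flagged pattern and both fixes side by side in a hypothetical Session class (the class, its method names and the level values are assumptions) to show how the mistaken assignment changes which branch runs.

```cpp
#include <iostream>

// GCC and Clang report the flagged pattern under -Wparentheses; the warning is
// silenced here only so the demonstration builds when warnings are errors.
#pragma GCC diagnostic ignored "-Wparentheses"

// Hypothetical class for illustration; not taken from the checker documentation.
class Session {
public:
    explicit Session(int required) : required_(required) {}

    // Flagged pattern: '=' overwrites the caller's level with the required
    // level, so the branch is taken whenever required_level() is non-zero.
    bool allowed_buggy(int level) {
        if (level = required_level()) { return true; }
        return false;
    }

    // Fix 1: a comparison was intended.
    bool allowed_compare(int level) {
        if (level == required_level()) { return true; }
        return false;
    }

    // Fix 2: the assignment was intended; the test against zero is explicit.
    // Returns the newly assigned level, or -1 when the call returned zero.
    int refreshed_level(int level) {
        if ((level = required_level()) != 0) { return level; }
        return -1;
    }

private:
    int required_level() const { return required_; }
    int required_;
};

int main() {
    Session s(3);  // constructed sample: required level 3, caller level 0
    std::cout << "buggy:   " << s.allowed_buggy(0) << '\n'
              << "compare: " << s.allowed_compare(0) << '\n'
              << "refresh: " << s.refreshed_level(0) << '\n';
    return 0;
}
```
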