ASSIGCOND.CALL

Function call in assignment in conditional statement

The ASSIGCOND.CALL checker finds conditional statements in which the right part of an assignment expression is a function call.

Vulnerability and risk

This checker typically finds syntax errors, usually cases in which an assignment operator is used mistakenly instead of a comparison operator. If the error isn't corrected, unintended program behavior is likely to occur.

Vulnerable code example

  class A{
     void foo(int);
     int qq();
  };
  void A::foo(int i)
  {
    if(i=qq()){} 
  }

In the code example, Klocwork has flagged line 7 because the right side of the assignment expression in the if statement appears to be a function call.

Fixed code example 1

  class A{
     void foo(int);
     int qq();
  };
  void A::foo(int i)
  {
    if(i==qq()) {}
  }

In this fixed code, the assignment operator has been replaced with the intended comparison operator.

Fixed code example 2

  class A{
     void foo(int);
     int qq();
  };
  void A::foo(int i)
  {
    if((i=qq()) != 0) {}
  }

In this fixed code, the assignment has been enclosed in parentheses and its result is compared explicitly against 0, which makes it clear that the assignment is intentional.
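The following added example (not Klocwork's own code) shows why the flagged pattern matters in practice: a constructed authorization check written in the buggy form beside the two fixed forms above. The names required_level, authorised_buggy, authorised_fixed and resource_restricted, and the privilege levels, are assumptions made for the illustration.

```cpp
#include <cassert>
#include <iostream>

// Constructed policy: resource 0 is public (level 0), everything else needs level 2.
int required_level(int resource) {
    return resource == 0 ? 0 : 2;
}

// Buggy form flagged by ASSIGCOND.CALL: '=' where '==' was intended.
// 'level' is overwritten with the function result and the branch only tests
// that result for non-zero, so the caller's real privilege is never consulted:
// every restricted resource is granted to everyone, and the public one to no one.
bool authorised_buggy(int level, int resource) {
    if (level = required_level(resource)) { return true; }
    return false;
}

// Fixed form 1: the comparison the author meant to write.
bool authorised_fixed(int level, int resource) {
    if (level == required_level(resource)) { return true; }
    return false;
}

// Fixed form 2: an assignment that really is intended. The extra parentheses
// and the explicit "!= 0" state that intent, which is what keeps the checker
// (and GCC/Clang's -Wparentheses warning) quiet.
bool resource_restricted(int resource) {
    int level;
    if ((level = required_level(resource)) != 0) { return true; }
    return false;
}

// True when the buggy and the fixed check reach different decisions for a caller.
bool checks_disagree(int level, int resource) {
    return authorised_buggy(level, resource) != authorised_fixed(level, resource);
}

int main() {
    // An unprivileged caller (level 0) asking for restricted resource 1.
    std::cout << "buggy grants: " << authorised_buggy(0, 1)
              << ", fixed grants: " << authorised_fixed(0, 1) << '\n';
    assert(checks_disagree(0, 1));
    return 0;
}
```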
