ATH-neg-check-pos
Synopsis: A variable is checked for a positive value only after it has been used in a way that assumes it is positive, instead of before.
Enabled by default: Yes
Severity/Certainty: Low/High

Full description
A function parameter or index is used in a context that implicitly asserts that it is positive (for example as an allocation size, a memcpy() length, or an array index), but it is not compared to 0 until after that use. The late comparison shows that the author expected a negative or zero value to be possible, so the earlier use is unprotected. If the value actually is negative or 0 at that point, data might be corrupted, the application might crash, or a security vulnerability might be exposed: a negative int passed where a size_t is expected converts to a very large unsigned value, and a negative index reads or writes outside the array.
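The following is an added example, not part of this checker's documentation, that shows what the late check leaves unprotected: the size_t value a negative int becomes by the time it reaches malloc() or memcpy(), a table lookup written in the flagged order beside its corrected form, and an allocation wrapper that validates the count before calling malloc(). The table contents, TABLE_LEN, and all function names are constructed for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Constructed lookup table; the values are arbitrary sample data. */
#define TABLE_LEN 8
static const int table[TABLE_LEN] = { 10, 11, 12, 13, 14, 15, 16, 17 };

/* The length malloc() or memcpy() actually receives when an int is passed:
 * the implicit conversion to size_t turns a negative int into a huge
 * unsigned number (for -1 it is SIZE_MAX). No check after the call can
 * undo the allocation or copy that already happened with that value. */
size_t length_as_seen_by_malloc(int p)
{
    return (size_t)p;
}

/* The pattern the check flags: the index is used first and validated
 * afterwards, so a negative or too-large i reads outside the table before
 * the function gets a chance to reject it. Deliberately wrong; it must
 * never be called with an out-of-range index. */
int lookup_late_check(int i)
{
    int v = table[i];               /* use precedes the check */
    if (i < 0 || i >= TABLE_LEN)    /* too late to protect the read above */
        return -1;
    return v;
}

/* Corrected ordering: validate, then use. */
int lookup_early_check(int i)
{
    if (i < 0 || i >= TABLE_LEN)
        return -1;
    return table[i];
}

/* Corrected allocation wrapper for the malloc(p) shape: count is rejected
 * (including the overflow case) before it is ever converted to size_t.
 * Returns 0 and stores the buffer in *out on success, -1 otherwise. */
int make_int_buffer(int count, int **out)
{
    *out = NULL;
    if (count <= 0 || (size_t)count > SIZE_MAX / sizeof(int))
        return -1;
    *out = malloc((size_t)count * sizeof(int));
    return *out ? 0 : -1;
}

int main(void)
{
    int *buf = NULL;
    printf("-1 as a size_t: %zu\n", length_as_seen_by_malloc(-1));
    printf("early check, i=-1: %d\n", lookup_early_check(-1));
    printf("early check, i=3:  %d\n", lookup_early_check(3));
    printf("make_int_buffer(-5): %d\n", make_int_buffer(-5, &buf));
    if (make_int_buffer(4, &buf) == 0) {
        buf[0] = 1;
        free(buf);
    }
    return 0;
}
```

The wrapper rejects 0 as well as negative values because the check is about positivity; if zero-length requests are legitimate in your code, relax that condition deliberately rather than by omission, and still keep it before the malloc() call.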
Coding standards
This check does not correspond to any coding standard rules.
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>

int foo(int p)
{
    int *x = malloc(p);   // p is used as a size here, before it is checked
    // p was an argument to malloc(), so the analyzer treats it as non-negative;
    // the comparison below comes too late to protect that call
    if (p <= 0)
        return 0;
    return p;
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>

int foo(int p)
{
    int *x;
    if (p < 0)            // checked first ...
        return 0;
    x = malloc(p);        // OK - p is non-negative when it is used
    return p;
}