Assignment where comparison was intended¶
ID: cpp/assign-where-compare-meant
Kind: problem
Security severity:
Severity: error
Precision: high
Tags:
- reliability
- correctness
- external/cwe/cwe-481
Query suites:
- cpp-security-and-quality.qls
This rule finds uses of the assignment operator = in places where the equality operator == would make more sense. This is a very common mistake in C and C++, because of the similarity of the = and the == operator, and the fact that the if statement accepts a condition with an integral type, instead of limiting it to just the bool type.
The rule flags every occurrence of an assignment in a position where its result is interpreted as a truth value. An assignment is only flagged if its right hand side is a compile-time constant.
Recommendation¶
Check to ensure that the flagged expressions are not typos. If an assignment is really intended to be treated as a truth value, it may be better to surround it with parentheses.
Example¶
```c
if (p = NULL) {
    // most likely == was intended. Otherwise it evaluates to the value
    // of the rhs of the assignment (which is NULL)
    ...
}
```
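The following is an added example (not code from the CodeQL repository) that makes the effect of the typo observable: `classify_buggy` contains two assignments with a constant right-hand side, exactly the pattern the query flags, `classify_fixed` is the same function with the intended comparisons, and `skip_spaces` shows an assignment whose result is deliberately used as a condition, written with the extra parentheses the recommendation suggests. Function names and the `#pragma` that keeps the buggy version compilable under `-Werror` are this example's own choices.

```c
#include <stddef.h>

/* Buggy: `=` where `==` was meant. Both right-hand sides are compile-time
   constants, so the query reports both conditions. GCC and Clang also warn
   here under -Wparentheses; the pragma only silences that warning so the
   wrong behaviour can be compiled and observed. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wparentheses"
int classify_buggy(const char *p, int code) {
    if (p = NULL) {        /* condition is the assigned value NULL: always false,
                              and the caller's pointer is silently discarded */
        return 1;          /* never reached */
    }
    if (code = 0) {        /* condition is 0: always false, and code is clobbered */
        return 2;          /* never reached */
    }
    return 3 + code;       /* code is now 0, so this always returns 3 */
}
#pragma GCC diagnostic pop

/* Fixed: the comparisons the author intended. */
int classify_fixed(const char *p, int code) {
    if (p == NULL) {
        return 1;
    }
    if (code == 0) {
        return 2;
    }
    return 3 + code;
}

/* Intentional assignment used as a truth value. The inner parentheses and the
   explicit comparison document the intent, and the right-hand side is not a
   constant, so this is not flagged. Advances *cursor past spaces and returns
   the first non-space character (0 at end of string). */
int skip_spaces(const char **cursor) {
    int c;
    while ((c = **cursor) == ' ') {
        (*cursor)++;
    }
    return c;
}

/* Convenience wrapper so the result can be checked on a string literal. */
int skip_spaces_demo(const char *s) {
    return skip_spaces(&s);
}
```

Compiling with `-Wall` (which enables `-Wparentheses`) and without the pragma reproduces the compiler's own diagnostic for the two buggy conditions; the CodeQL query catches the same pattern in code bases that build without those warnings enabled.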
References¶
Tutorialspoint - The C++ Programming Language: Operators in C++
Wikipedia: Operators in C and C++
Common Weakness Enumeration: CWE-481.