Use of Incorrect Operator

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

  • Source

    CWE Catalog - 4.12

  • Identifier

    CWE-480

  • Status

    Draft

Contents

Description

These types of errors are generally the result of a typo by the programmer.

Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.

int isValid(int value) {
  if (value=100) {
    printf("Value is valid\n");
    return(1);
  }
  printf("Value is not valid\n");
  return(0);
}
bool isValid(int value) {
  if (value=100) {
    Console.WriteLine("Value is valid.");
    return true;
  }
  Console.WriteLine("Value is not valid.");
  return false;
}

However, the expression to be evaluated in the if statement uses the assignment operator "=" rather than the comparison operator "==". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results.

Example Two

The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.

#define SIZE 50
int *tos, *p1, stack[SIZE];

void push(int i) {

  p1++;
  if(p1==(tos+SIZE)) {


    // Print stack overflow error message and exit


  }
  *p1 == i;

}

int pop(void) {

  if(p1==tos) {


    // Print stack underflow error message and exit


  }
  p1--;
  return *(p1+1);

}

int main(int argc, char *argv[]) {


  // initialize tos and p1 to point to the top of stack
  tos = stack;
  p1 = stack;
  // code to add and remove items from stack
  ...
  return 0;

}

The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.

However, this expression uses the comparison operator "==" rather than the assignment operator "=". The result of using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results.

See Also

Comprehensive Categorization: Insufficient Control Flow Management

Weaknesses in this category are related to insufficient control flow management.

CISQ Quality Measures - Security

Weaknesses in this category are related to the CISQ Quality Measures for Security. Presence of these weaknesses could reduce the security of the software.

CISQ Quality Measures - Maintainability

Weaknesses in this category are related to the CISQ Quality Measures for Maintainability. Presence of these weaknesses could reduce the maintainability of the software.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

CWE Cross-section

This view contains a selection of weaknesses that represent the variety of weaknesses that are captured in CWE, at a level of abstraction that is likely to be useful t...

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.