Difference between revisions of "Incorrect block delimitation"
|Line 1:||Line 1:|
|Line 51:||Line 50:|
Revision as of 22:11, 27 May 2006
In some languages, forgetting to explicitly delimit a block can result in a logic error that can, in turn, have security implications.
This is a general logic error - with all the potential consequences that this entails.
C, C++, C#, Java
Likelihood of exploit
Avoidance and mitigation
Implementation: Always use explicit block delimitation and use static-analysis technologies to enforce this practice.
In many languages, braces are optional for blocks, and - in a case where braces are omitted - it is possible to insert a logic error where a statement is thought to be in a block but is not. This is a common and well known reliability error.
In this example, when the condition is true, the intention may be that both x and y run.
if (condition==true) x; y;