程序可能會在初始化之前使用一個變量。
默認情況下,C 語言和 C++ 語言中的堆棧變量是未經初始化的。它們的初始值取決于調用函數時,它們所在的棧發生了什么情況。程序應該永不使用 uninitialized variable。
對于程序員來說,他們通常會使用代碼中 uninitialized variable 來處理錯誤或是一些特殊和異常的情況。uninitialized variable 警告有時能夠指出代碼中存在的排字錯誤。
例 1:以下切換語句企圖為變量 aN 和 bN 賦值,但在默認情況下,程序員會一不小心為 aN 賦兩次值。
switch (ctl) {
case -1:
aN = 0; bN = 0;
break;
case 0:
aN = i; bN = -i;
break;
case 1:
aN = i + NEXT_SZ; bN = i - NEXT_SZ;
break;
default:
aN = -1; aN = -1;
break;
}
[1] Standards Mapping - OWASP Top 10 2004 - (OWASP 2004) A9 Application Denial of Service
[2] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP6080 CAT II
[3] Standards Mapping - Security Technical Implementation Guide Version 3.4 - (STIG 3.4) APP6080 CAT II
[4] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 457
[5] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 - (PCI 1.1) Requirement 6.5.9
[6] Standards Mapping - SANS Top 25 2009 - (SANS 2009) Risky Resource Management - CWE ID 665