Q
Detector Library
C detectors (34/34)
Logging of sensitive informationInsecure Use Of ChrootDeadlock And Lock InconsistencyUnsafe File ExtensionOS command injectionIncorrect Use Of FreeUse Of Uninitialized VariableInsecure Use strcat fnSQL injectionBitwise Operator On Signed OperandInsecure use gets fnRandom fd exhaustionRedundant Free UsageInsecure Use MemsetDivide By Zero.Return Stack AddressUnchecked Return ValueIncorrect Format SpecifierUnhandled Expression ResultPath traversalImproper Input ValidationOut Of Bounds ReadInteger OverflowInsecure use strtok functionImproper size of a memory bufferincomplete-cleanupNull pointer dereferenceInsecure Temporary File Or DirectoryInsecure Buffer AccessIncorrect Use Ato FnLoose File PermissionsExposure of Sensitive InformationOut-of-bounds WriteString Equality
String Equality High
When comparing the contents of two character strings, using == or != operators on char pointer or char values will compare the pointers or addresses rather than the actual character values. This can lead to incorrect comparison results. To properly compare character contents, use the strcmp() or strncmp() string comparison functions instead. These functions return 0 if the strings are equal or nonzero if they differ, providing an accurate character content comparison.
Detector ID
c/string-equality@v1.0
Category
Common Weakness Enumeration (CWE) 
Tags
Noncompliant example
1#include <stddef.h>
2#include <string.h>
3
4int stringEqualityNonCompliant()
5{
6 char *s = "Hello";
7 // Noncompliant: Checking strin pointer instead of value
8 if (s == "World") {
9
10 return -1;
11 }
12return 0;
13}
Compliant example
1#include <stddef.h>
2#include <string.h>
3
4char *s = "Hello";
5
6int stringEqualityCompliant()
7{
8 // Compliant: Checking actual value using strcmp
9 if (strcmp(s, "World") == 0) {
10 return -1;
11 }
12return 0;
13}