CWE-482

Comparing instead of Assigning. [Insufficient-Control-Flow-Management]

Required inputs: IR

The code uses an operator for comparison when the intention was to perform an assignment. In many languages, the comparison operator is very close in appearance to the assignment operator, and the two are often confused.

Demonstrative Examples

Example 1

The following example demonstrates the weakness.

Example Language: Java (Unsupported language for documentation only)
    void called(int foo) {
        foo==1;
        if (foo==1) System.out.println("foo\n");
    }
    int main() {
        called(2);
        return 0;
    }

Example 2

The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.

Example Language: C
    #define SIZE 50
    int *tos, *p1, stack[SIZE];

    void push(int i) {
        p1++;
        if(p1==(tos+SIZE)) {
            // Print stack overflow error message and exit
        }
        *p1 == i;
    }

    int pop(void) {
        if(p1==tos) {
            // Print stack underflow error message and exit
        }
        p1--;
        return *(p1+1);
    }

    int main(int argc, char *argv[]) {
        // initialize tos and p1 to point to the top of stack
        tos = stack;
        p1 = stack;
        // code to add and remove items from stack
        ...
        return 0;
    }

The push method includes an expression to assign the integer value to the location in the stack pointed to by the pointer variable.

However, this expression uses the comparison operator "==" rather than the assignment operator "=". Using the comparison operator instead of the assignment operator causes erroneous values to be entered into the stack and can cause unexpected results.
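As an added illustration (not part of the CWE excerpt or of this tool's documentation), the program below runs the `*p1 == i;` defect from Example 2 beside the corrected assignment, using the same `tos`/`p1` layout. The `-1` marker, the `reset` and `roundtrip` helpers, and the boolean return values are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>

#define SIZE 50

/* Same layout as Example 2: slot 0 is unused, p1 points at the top item. */
static int stack[SIZE];
static int *tos = stack, *p1 = stack;

static void reset(void) {
    for (int k = 0; k < SIZE; k++) stack[k] = -1;  /* -1: constructed "never written" marker */
    p1 = tos;
}

/* The defect from Example 2, kept on purpose: the comparison result is discarded. */
static bool push_buggy(int i) {
    if (p1 + 1 == tos + SIZE) return false;  /* full: refuse before moving p1 */
    p1++;
    *p1 == i;  /* CWE-482: nothing is stored; GCC and Clang flag this under -Wall */
    return true;
}

static bool push_fixed(int i) {
    if (p1 + 1 == tos + SIZE) return false;
    p1++;
    *p1 = i;  /* assignment, as intended */
    return true;
}

static bool pop(int *out) {
    if (p1 == tos) return false;  /* empty */
    *out = *p1;
    p1--;
    return true;
}

/* Push one value with the given push function, then pop it back. */
int roundtrip(bool (*push)(int), int value) {
    int out = 0;
    reset();
    push(value);
    pop(&out);
    return out;
}

int main(void) {
    printf("fixed: %d, buggy: %d\n", roundtrip(push_fixed, 42), roundtrip(push_buggy, 42));
    return 0;
}
```

With the buggy push, the caller gets back whatever the slot held before the call, which is why the defect surfaces as wrong data rather than as a crash.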

Excerpts from CWE [https://cwe.mitre.org], Copyright (C) 2006-2026, the MITRE Corporation. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

| Key | Text | Severity | Disabled |
|-----|------|----------|----------|
| bad_comparison | Use of comparison when the intention was to perform an assignment. | None | False |

Options