CertC-EXP46

Do not use a bitwise operator with a Boolean-like operand

Required inputs: IR

Mixing bitwise and relational operators in the same full expression can be a sign of a logic error in the expression where a logical operator is usually the intended operator. Do not use the bitwise AND (&), bitwise OR (|), or bitwise XOR (^) operators with an operand of type _Bool, or the result of a relational-expression or equality-expression. If the bitwise operator is intended, it should be indicated with use of a parenthesized expression.

Noncompliant Code Example

In this noncompliant code example, a bitwise & operator is used with the results of an equality-expression:

if (!(getuid() & geteuid() == 0)) {
  /* ... */
}

Compliant Solution

This compliant solution uses the && operator for the logical operation within the conditional expression:

if (!(getuid() && geteuid() == 0)) {
  /* ... */
}
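
The two conditions above do not always agree. The following is an added example, not part of the CERT text or the checker's documentation, that evaluates both on constructed uid/euid pairs; the function names and sample values are assumptions, and plain unsigned values stand in for the results of getuid() and geteuid().

```c
#include <stdio.h>
#include <stddef.h>

/* Constructed stand-ins for the values returned by getuid() and geteuid(). */
struct ids { unsigned uid; unsigned euid; };

/* The noncompliant condition, written with the parentheses the compiler
 * implies: == binds tighter than &, so `uid & euid == 0` is
 * `uid & (euid == 0)`, which tests only the low bit of uid. */
static int noncompliant_cond(unsigned uid, unsigned euid)
{
    return !(uid & (euid == 0));
}

/* The compliant condition from the page: logical AND of "uid is nonzero"
 * and "euid is zero". */
static int compliant_cond(unsigned uid, unsigned euid)
{
    return !(uid && euid == 0);
}

/* Count the sample pairs on which the two conditions disagree. */
static size_t count_divergent(const struct ids *v, size_t n)
{
    size_t diff = 0;
    for (size_t i = 0; i < n; i++) {
        int a = noncompliant_cond(v[i].uid, v[i].euid);
        int b = compliant_cond(v[i].uid, v[i].euid);
        printf("uid=%u euid=%u  bitwise=%d logical=%d%s\n",
               v[i].uid, v[i].euid, a, b, a != b ? "  <-- differs" : "");
        diff += (a != b);
    }
    return diff;
}

/* Constructed sample: root, odd and even uids, with and without euid 0. */
static const struct ids samples[] = {
    {0, 0}, {1001, 0}, {1000, 0}, {1000, 1000}, {1001, 1001},
};

int main(void)
{
    size_t n = sizeof samples / sizeof samples[0];
    printf("%zu of %zu sample pairs diverge\n", count_divergent(samples, n), n);
    return 0;
}
```

The pair that diverges is an even, nonzero uid with euid 0: the bitwise form sees only bit 0 of the uid, so the branch is taken where the logical form skips it.
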
Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP46-C | Low | Likely | Low | P9 | L2 |

Related Guidelines

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| ISO/IEC TR 24772:2013 | Likely Incorrect Expression [KOA] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-480, Use of incorrect operator | 2017-07-05: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-569 | 2017-07-06: CERT: Rule subset of CWE |

Excerpt from SEI CERT C Coding Standard: Rules for Developing Safe, Reliable, and Secure Systems (2016 Edition) and SEI CERT C Coding Standard [https://cmu-sei.github.io/secure-coding-standards/sei-cert-c-coding-standard/rules/expressions-exp/exp46-c], Copyright (C) 1995-2026 Carnegie Mellon University. See section 9.4. "3rd-Party Licenses" in the documentation for full details.

Possible Messages

| Key | Text | Severity | Disabled |
|---|---|---|---|
| bool_operand_in_bad_operator | Use of boolean operand in ‘{}’ operator | None | False |

Options