Question

I am preparing for a security exam and found a point which stated to avoid Unsafe Variable Initialization. Can anyone please explain to me, with an example (in any programming language), what type of initialization becomes unsafe?

Providing more inputs from my research:
Unsafe variable initialization should not be followed as per security coding standards. The words may not tell you anything, but after my research, for project requirements there are cases when you have to use calls that interact directly with the operating system (which are generally taken care of by a JVM or CLR without user intervention), like memory allocations etc. And the second point is related to what @Soner has commented --> msdn.microsoft.com/en-us/library/t2yzs44b.aspx.
Sorry for the confusion with the words "variable initialization"; it also confused me, and that is the reason why I posted it as a question.


Solution

I'm pretty sure what is meant looks like this:

int variable;
for (int i = 0; i < 4; i++) {
    variable += i; // Compilation error, garbage or expected result, depending on language
}

In this case variable does not have an initial value and MAY be equal to zero. Or it may contain garbage. Some languages disallow this (Java local variables) or at least give you a warning. Some other languages allow this and guarantee the initial value to be zero or null (Java instance fields). http://blog.ajduke.in/2012/03/25/variable-initialization-and-default-values/
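The security consequence of the uninitialized local in the answer above, as an added C example that is not from the answer or from any project: a constructed record type is serialized to a caller's buffer once without zeroing (stale stack bytes reach the caller) and once after zeroing, with a check that confirms the safe output carries no leftover bytes. All names and the record layout are hypothetical.

```c
#include <stdint.h>
#include <string.h>
/* Constructed record type (hypothetical, not from the answer above); 20 bytes
 * on common ABIs, so it has no padding and every byte is a member byte. */
struct record { uint32_t id; char name[16]; };
/* Copy at most 15 bytes of src and NUL-terminate; bytes after the terminator
 * are deliberately left untouched, which is the hole in the unsafe variant. */
static void set_name(struct record *r, const char *src)
{
    size_t n = strlen(src);
    if (n >= sizeof r->name) n = sizeof r->name - 1;
    memcpy(r->name, src, n);
    r->name[n] = '\0';
}

/* Unsafe: 'r' has no initializer, so name[n+1..15] still hold stale stack bytes
 * and the whole-struct copy hands them to the caller (information leak). */
size_t serialize_unsafe(uint32_t id, const char *name, unsigned char *out)
{
    struct record r;                 /* uninitialized */
    r.id = id;
    set_name(&r, name);
    memcpy(out, &r, sizeof r);
    return sizeof r;
}

/* Hardened: zero every byte before use. memset rather than '= {0}' because an
 * initializer is only required to zero members, not padding bytes. */
size_t serialize_safe(uint32_t id, const char *name, unsigned char *out)
{
    struct record r;
    memset(&r, 0, sizeof r);
    r.id = id;
    set_name(&r, name);
    memcpy(out, &r, sizeof r);
    return sizeof r;
}

/* Check: 1 if every byte of 'name' after its NUL terminator is zero, else 0. */
int tail_is_clean(const unsigned char *buf, size_t len)
{
    struct record r;
    if (len != sizeof r) return 0;
    memcpy(&r, buf, sizeof r);
    size_t i = 0;
    while (i < sizeof r.name && r.name[i] != '\0') i++;
    for (; i < sizeof r.name; i++)
        if (r.name[i] != 0) return 0;
    return 1;
}
```

Tools such as MemorySanitizer or Valgrind report the unsafe variant only when the stale bytes influence a branch or a system call, which is why zeroing at declaration is the usual coding-standard rule rather than relying on detection.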

Licensed under: CC-BY-SA with attribution