Security vulnerability question

Sep 14, 2014 at 9:42am
My professor at college stated that it is important to always initialize a function type because if you don't it creates a security vulnerability. He said that it is better to initialize it as zero and then let the programmer/user manipulate that value later on.

So my question is: Why is this a security vulnerability within the program?

Here was the example:

BAD:
 
int x;

GOOD:
 
int x = 0;
Sep 14, 2014 at 9:48am
It is not a security vulnerability. At least directly.
However, it is a good idea to initialize variables at the time of declaration or right after. This helps to avoid using an uninitialized variable, which could lead to a vulnerability.
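An added example, not part of the original thread, of how a missing initialization can turn into an information disclosure: a fixed-size reply is built in memory that still holds a previous user's data, and only part of it is overwritten. Reading a truly uninitialized local is undefined behaviour, so a reused static buffer stands in for it here to keep the result deterministic; all names and the sample secret are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define REPLY_SIZE 32

/* Hypothetical memory reused between requests (models a stack slot or heap chunk). */
static unsigned char scratch[REPLY_SIZE];

/* Earlier, unrelated work leaves a secret behind in that memory. */
static void handle_login(const char *password) {
    size_t n = strlen(password);
    if (n > REPLY_SIZE) n = REPLY_SIZE;
    memset(scratch, 0, sizeof scratch);
    memcpy(scratch, password, n);
}

/* BAD: only the 3-byte status is written, yet the whole record is sent. */
static void build_reply_bad(unsigned char *out) {
    memcpy(scratch, "OK", 3);
    memcpy(out, scratch, REPLY_SIZE);
}

/* GOOD: the record is initialized to zero before any field is filled in. */
static void build_reply_good(unsigned char *out) {
    memset(scratch, 0, sizeof scratch);
    memcpy(scratch, "OK", 3);
    memcpy(out, scratch, REPLY_SIZE);
}

/* Count stale (non-zero) bytes that follow the status field in a reply. */
static int leaked_bytes(const unsigned char *reply) {
    int n = 0;
    for (int i = 3; i < REPLY_SIZE; i++)
        if (reply[i] != 0) n++;
    return n;
}

/* Run one login followed by one reply; returns how many stale bytes left. */
int demo(int initialize) {
    unsigned char reply[REPLY_SIZE];
    handle_login("hunter2-constructed");   /* constructed sample secret */
    if (initialize) build_reply_good(reply);
    else build_reply_bad(reply);
    return leaked_bytes(reply);
}

int main(void) {
    printf("stale bytes: bad=%d good=%d\n", demo(0), demo(1));
    return 0;
}
```

Compilers can flag the real-world form of this bug: GCC and Clang warn about reads of uninitialized locals with `-Wall` (`-Wuninitialized`).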
Sep 14, 2014 at 3:58pm
I see two possible scenarios here:

A) (The most likely): Your professor is fear-mongering or exaggerating to instill the practice of correctly initializing your variables.

B) (Far FAR less likely): Your professor may be referring to a certain type of read-after-deletion exploit which requires a half dozen other things to line up just right (not to mention the use of a debugger) in order to be viable. Not that I question your instructor's ability, you understand; it would just be a very odd and specific thing to mention in what appears to be an introduction to programming class.
Last edited on Sep 14, 2014 at 3:59pm
Sep 14, 2014 at 8:32pm
By security he probably meant that it could cause an error. It is VERY unlikely that anyone would use that to mess with your program.
Sep 15, 2014 at 5:58am
Thank you guys for your input and wisdom.