Mon Jun 25 2018
Most common mistakes by a programmer
In this article we list the most common errors and mistakes programmers make when coding, so that you can avoid these pitfalls while writing code. The topic deserves attention: errors of this kind have resulted in widespread outages, data theft, intrusions and more. Some of the errors are specific to particular languages such as C and C++; others occur in every language.
So, let’s check out the errors -
Syntax errors
Syntax errors occur when the source code does not follow the grammar of the programming language (Java, C, Python and so on). The compiler or interpreter reports them and the program does not run until they are fixed; of all the errors in this list they are the least dangerous, because they never reach production.
Logical errors
Logical errors are caused by the program not following its specification. The program compiles and runs without reporting any error but does not produce the required result. Many of the security bugs below are logical errors of exactly this kind: the code runs, and does the wrong thing.
Failure to preserve web page structure
Cross-site scripting (XSS) results from combining the stateless nature of HTTP, the mixture of data and script in HTML, the large amount of data passing between websites, diverse encoding schemes and feature-rich web browsers. If you are not careful, attackers can inject JavaScript or other browser-executable content into a web page that your application generates. Other users then load that page, and their browsers execute the malicious script as if it came from you, because it did come from you: your website is serving code that you did not write. The attacker can get the payload into your application directly, for example by storing it in a comment or profile field, or reflect it through an unwitting victim, for example in a crafted link. The fix is to treat every piece of untrusted data as text and encode it for the context (HTML body, attribute, JavaScript, URL) in which it is placed.
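The following routine, added here as an illustration and not part of the original article, shows the encoding step in C: it replaces the characters that have meaning in HTML before untrusted input is placed into a page, and a small template function renders the same attacker-supplied comment raw and encoded so the difference is visible. The function names, the page template and the sample payload are assumptions made for this example. Note that this encoding is only correct for HTML text and quoted attribute values; input placed inside a script block, a URL or a CSS context needs a different encoder.

```c
#include <stdio.h>
#include <string.h>

/* Encode the five characters that are significant in HTML text and quoted
 * attribute contexts. Writes a NUL-terminated result into out and returns
 * the number of bytes written (excluding the terminator), or -1 if out is
 * too small. The name html_escape is an assumption for this example. */
int html_escape(const char *in, char *out, size_t out_size)
{
    size_t pos = 0;
    if (in == NULL || out == NULL || out_size == 0)
        return -1;
    for (; *in != '\0'; in++) {
        char literal[2] = { *in, '\0' };
        const char *rep;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#x27;"; break;
        default:   rep = literal;  break;
        }
        size_t n = strlen(rep);
        if (pos + n >= out_size)        /* keep room for the terminator */
            return -1;
        memcpy(out + pos, rep, n);
        pos += n;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Build the page fragment that echoes a user-supplied comment. With
 * escape == 0 the comment is pasted in raw (the XSS bug); with escape != 0
 * it is encoded first. Returns 0 on success, -1 if page is too small. */
int render_comment(const char *comment, int escape, char *page, size_t page_size)
{
    char encoded[256];
    const char *body = comment;
    if (escape) {
        if (html_escape(comment, encoded, sizeof encoded) < 0)
            return -1;
        body = encoded;
    }
    int n = snprintf(page, page_size, "<p class=\"comment\">%s</p>", body);
    return (n < 0 || (size_t)n >= page_size) ? -1 : 0;
}

int main(void)
{
    /* Constructed attacker input, not taken from any real site. */
    const char *payload = "<script>alert(document.cookie)</script>";
    char page[512];
    render_comment(payload, 0, page, sizeof page);
    printf("raw:     %s\n", page);    /* the browser would run the script */
    render_comment(payload, 1, page, sizeof page);
    printf("encoded: %s\n", page);    /* the browser shows it as text */
    return 0;
}
```

The raw rendering is what the paragraph above describes: the script tag becomes part of the page you serve. The encoded rendering keeps the same bytes visible to the reader but leaves the browser nothing to execute.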
Buffer overflow
A buffer overflow occurs when data is written into a buffer past its end. It may arise from a miscalculated write position, or from copying into a buffer without checking the length of the data against the size of the destination. Whatever the cause, this error is one of the most common and has been behind many major exploits: the overwritten bytes can be a return address, a function pointer or adjacent data that an attacker now controls. The rule is that every write must be bounded by the size of the destination, never by the size of the input.
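As an added example (not code from the original article), here is the miscalculated-write-position case in C: a parser for a constructed wire format of one length byte followed by that many bytes of name. The unsafe parser trusts the length byte and overflows a fixed stack buffer; the checked parser bounds the copy by both the bytes actually received and the destination size. The format, function names and sample records are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed wire format used in this example: one length byte followed
 * by that many bytes of name (no terminator on the wire). */

#define NAME_MAX 16

/* Vulnerable parser: it trusts the length byte. The destination holds
 * NAME_MAX bytes, but len can be anything up to 255, so memcpy and the
 * terminator write can run past the end of out (and read past msg). */
int parse_name_unsafe(const uint8_t *msg, size_t msg_len, char out[NAME_MAX])
{
    (void)msg_len;                  /* the bug: the received size is ignored */
    size_t len = msg[0];
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}

/* Hardened parser: every write is bounded by both the bytes actually
 * received and the size of the destination, with one byte reserved for
 * the terminator. Returns the name length or -1 on a malformed record. */
int parse_name_checked(const uint8_t *msg, size_t msg_len, char *out, size_t out_size)
{
    if (msg == NULL || out == NULL || msg_len < 1 || out_size == 0)
        return -1;
    size_t len = msg[0];
    if (len > msg_len - 1)          /* claims more bytes than were received */
        return -1;
    if (len >= out_size)            /* no room for name + '\0' */
        return -1;
    memcpy(out, msg + 1, len);
    out[len] = '\0';
    return (int)len;
}

int main(void)
{
    /* Constructed records: a benign one and one with a forged length. */
    const uint8_t good[] = { 5, 'a', 'l', 'i', 'c', 'e' };
    const uint8_t evil[] = { 200, 'x', 'y', 'z' };
    char name[NAME_MAX];

    printf("unsafe, benign input:   %d %s\n",
           parse_name_unsafe(good, sizeof good, name), name);
    printf("checked, benign input:  %d %s\n",
           parse_name_checked(good, sizeof good, name, sizeof name), name);
    printf("checked, forged length: %d\n",
           parse_name_checked(evil, sizeof evil, name, sizeof name));
    /* parse_name_unsafe(evil, ...) would copy 200 bytes into a 16-byte
     * stack buffer and corrupt the stack; it is deliberately not called. */
    return 0;
}
```

Both parsers behave identically on well-formed input, which is why the unsafe one survives testing. Only a record that lies about its length, exactly what an attacker sends, tells them apart.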
Cleartext transmission
Information sent across a network crosses many different nodes in transit to its final destination. If your software sends sensitive or private data or authentication credentials in the clear, beware: attackers can sniff it right off the wire. All they need is control of one node along the path, a host on the same network segment as one of those nodes, or access to an available interface. Obfuscating traffic with schemes such as Base64 or URL encoding offers no protection; these are reversible encodings, not encryption. Only an authenticated, encrypted channel such as TLS protects data in transit.
SQL injection
SQL injection is a technique for placing SQL fragments in user input such that the database executes them as part of a query. This lets the attacker read or steal data, bypass authentication, modify or delete tables, and more. The root cause is that the application concatenates user input into the text of a query, with insufficient checking and validation before it is passed to the database for execution. The reliable fix is to keep query text and data separate by using prepared (parameterized) statements; input validation on top of that is defence in depth.
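The following C snippet, added as an example and not taken from the original article, shows what the concatenation does to a query when the input contains a quote, and the allow-list check that rejects such input before it reaches the query. The table and column names, the username rule ([A-Za-z0-9_], 1 to 32 characters) and the payload are assumptions made for this example; with a real database the query would still be sent as a prepared statement with the name bound as a parameter, and the check here is defence in depth.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Vulnerable: the raw user-supplied name is spliced into the SQL text, so
 * a quote in the input ends the string literal and the rest becomes SQL.
 * Returns 0, or -1 if out is too small. */
int build_query_unsafe(const char *username, char *out, size_t out_size)
{
    int n = snprintf(out, out_size,
                     "SELECT id FROM users WHERE name = '%s'", username);
    return (n < 0 || (size_t)n >= out_size) ? -1 : 0;
}

/* Allow-list check on the input: a username is 1..32 characters from
 * [A-Za-z0-9_] (assumed rule). Anything else, quotes and comment markers
 * included, is rejected before it gets near the query. */
int is_valid_username(const char *s)
{
    size_t len = 0;
    if (s == NULL)
        return 0;
    for (; s[len] != '\0'; len++) {
        unsigned char c = (unsigned char)s[len];
        if (len == 32)                       /* 33rd character: too long */
            return 0;
        if (!(isalnum(c) || c == '_'))
            return 0;
    }
    return len > 0;
}

/* Validate first, then build. */
int build_query_checked(const char *username, char *out, size_t out_size)
{
    if (!is_valid_username(username))
        return -1;
    return build_query_unsafe(username, out, out_size);
}

int main(void)
{
    /* Constructed attacker input: the classic tautology payload. */
    const char *payload = "' OR '1'='1";
    char sql[256];

    build_query_unsafe(payload, sql, sizeof sql);
    printf("unsafe:  %s\n", sql);     /* name = '' OR '1'='1' matches every row */
    printf("checked: %s\n",
           build_query_checked(payload, sql, sizeof sql) == 0 ? sql : "rejected");
    printf("checked: %s\n",
           build_query_checked("alice", sql, sizeof sql) == 0 ? sql : "rejected");
    return 0;
}
```

The unsafe query ends up as SELECT id FROM users WHERE name = '' OR '1'='1', a condition that is true for every row: the quote the attacker supplied closed the literal, and everything after it is interpreted as SQL rather than as a name.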
Integer overflow or wraparound
An integer overflow occurs when an arithmetic result is larger than the integer type that has to hold it. For unsigned types in C the value silently wraps around modulo 2^N, so 255 + 1 becomes 0 in an 8-bit type; for signed types the behaviour is undefined, and the compiler may assume it never happens. Either way the program continues with a wrong value. This becomes a security bug when the wrapped value is a length or a size: a check such as len + 4 < max passes, and the allocation or copy that follows uses the truncated number.
Allocate resources without limits
Memory allocation is very common in C and C++, since all memory management in these languages is manual. Allocating a size that comes from untrusted input without validating it lets an attacker request gigabytes at a time (denial of service), or supply a count that overflows when multiplied by the element size and so yields a buffer much smaller than the code expects. An allocation can also simply fail, and when the result is not checked but used directly, you have a recipe for disaster. The same problem exists in languages without manual memory management, such as Java, JavaScript and Python, when an array or collection is sized from user input. So every allocation size needs an upper limit, an overflow check, and a check of the result.
Null pointer dereference
A pointer is null when it has never been assigned, when a call such as malloc() or fopen() failed and returned NULL, or when the code set it to NULL after freeing the memory it pointed to. Dereferencing such a pointer is undefined behaviour in C and C++, in practice usually a crash, and raises a NullPointerException in Java; it is possible in many other languages too. Take sufficient care in your code to check the result of every call that can return null before using it.
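The three preceding points, integer overflow, unlimited allocation and the unchecked null result, meet in one place: an allocator that sizes a buffer from untrusted input. The C example below is added here and is not from the original article; it shows the silent wraparound of a size_t product, a signed addition that is checked before it is performed, and an allocation wrapper that enforces an upper bound and still requires the caller to test for NULL. The 64 MiB cap and the function names are assumptions made for this example.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Upper bound a server is willing to hand out for one request; an assumed
 * policy for this example, not a universal constant. */
#define MAX_ALLOC_BYTES (64u * 1024u * 1024u)

/* The multiplication an unchecked allocator performs. size_t arithmetic
 * wraps modulo 2^N, so an attacker-chosen count can produce a tiny product
 * and a buffer far smaller than the code then writes into. */
size_t wrapped_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Signed overflow is undefined behaviour in C, so it must be ruled out
 * before the addition rather than detected after it. Returns 0 and stores
 * the sum, or -1 if a + b does not fit in an int. */
int checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Allocate count elements of elem_size bytes. Rejects a product that would
 * wrap, a size above the policy cap, and passes through an allocation
 * failure. The caller must still test the result for NULL. */
void *alloc_array_checked(size_t count, size_t elem_size)
{
    if (count == 0 || elem_size == 0)
        return NULL;
    if (count > SIZE_MAX / elem_size)       /* count * elem_size would wrap */
        return NULL;
    size_t bytes = count * elem_size;
    if (bytes > MAX_ALLOC_BYTES)            /* resource limit */
        return NULL;
    return malloc(bytes);                   /* may legitimately return NULL */
}

int main(void)
{
    /* Constructed input: a count whose product with 4 wraps to 0 on both
     * 32- and 64-bit targets, as a length field from the network might. */
    size_t evil_count = SIZE_MAX / 2 + 1;
    printf("unchecked product:  %zu bytes\n", wrapped_size(evil_count, 4));
    printf("checked allocation: %p\n", alloc_array_checked(evil_count, 4));

    int *table = alloc_array_checked(1000, sizeof *table);
    if (table == NULL) {                    /* never dereference without this */
        fputs("allocation refused or failed\n", stderr);
        return 1;
    }
    table[0] = 1;
    free(table);

    int sum;
    printf("INT_MAX + 1: %s\n", checked_add(INT_MAX, 1, &sum) ? "overflow" : "ok");
    return 0;
}
```

With the unchecked product the program would call malloc(0), get a pointer to (at most) a few bytes, and then write count elements into it; the checked version refuses the request outright.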
Missing initialization
Local variables are those declared within a function or a block, and they cease to exist at the end of that function or block. They are typically allocated on the stack, and in C and C++ they hold whatever was left in that memory when they are declared. As a programmer, it is your duty to assign a suitable value to these variables as soon as they are declared. Using them before such initialization is undefined behaviour: it may crash, silently produce wrong results, or leak the previous contents of the stack (which may be keys or pointers) to whoever reads the variable. Compilers flag many of these cases when warnings such as -Wall and -Wuninitialized are enabled.
Execution with unnecessary privileges
Your software may need special privileges to perform certain operations; wielding those privileges longer than necessary is risky. When running with extra privileges, your application has access to resources that its user cannot directly reach, so any bug in it now has that reach too. Whenever you launch a separate program while still elevated, attackers can potentially exploit those privileges through it. Do the privileged work first, then drop the privileges permanently before handling untrusted input.
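A privilege-dropping routine for POSIX systems, added here as an example and not part of the original article: it clears supplementary groups, sets the group, sets the user, and then verifies that root cannot be regained, because a drop that can be undone is not a drop. The target id 65534 in main (the conventional "nobody" on many systems) and the function name are assumptions; run unprivileged, the program simply drops to its own ids so that the verification logic can still be exercised.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently drop to an unprivileged uid/gid once the work that needed
 * root (binding a low port, opening a protected file) is done. Order
 * matters: supplementary groups first, then the gid, then the uid, because
 * after setuid() to a non-root user the first two calls are no longer
 * permitted. Returns 0 on success, -1 on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)   /* only root may clear these */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Verify the drop is irreversible: regaining root must now fail. */
    if (uid != 0 && setuid(0) == 0)
        return -1;
    if (getuid() != uid || geteuid() != uid || getgid() != gid || getegid() != gid)
        return -1;
    return 0;
}

int main(void)
{
    /* 65534 is the conventional "nobody" id on many systems (assumption
     * for this example). Run as root to see the real transition. */
    uid_t target_uid = 65534;
    gid_t target_gid = 65534;
    if (geteuid() != 0) {            /* unprivileged run: drop to ourselves */
        target_uid = getuid();
        target_gid = getgid();
    }
    if (drop_privileges(target_uid, target_gid) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("now running as uid %ld gid %ld\n", (long)getuid(), (long)getgid());
    return 0;
}
```

The verification step is the part most often omitted: on systems where setuid() only changes the effective id for a privileged process, the saved set-user-id would still allow a later setuid(0), and the explicit attempt to regain root catches that.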
Misunderstanding scope rules
If you aren’t aware of Python’s scoping rules, there is a high probability of making mistakes. Python resolves names by the LEGB rule: Local, Enclosing, Global, Built-in. When you assign to a variable anywhere in a function, Python treats that variable as local to the whole function, and it shadows any variable of the same name in an outer scope. Many are surprised by an UnboundLocalError in previously working code after adding an assignment statement somewhere in a function: the earlier read of the name, which used to find the global, now refers to the local that has not been assigned yet. Declare the name with global or nonlocal if the outer variable is really what you want to modify.
Ignoring exceptions
Many beginners skip writing code to handle exceptions, or catch them with an empty handler. It seems harmless as long as the code runs without raising anything. But when an exception does occur the code fails silently, leaving the program in an inconsistent state and making the problem very hard to find. Catch only the exceptions you can handle, and log or re-raise the rest. In C, where there are no exceptions, the same mistake is ignoring return values: an unchecked malloc(), fopen() or read() is an exception that has been swallowed.
Drivers for testing
Drivers for testing are program portions used to test the correctness of a class or of a method. The purpose of such a driver is to call every method of the public interface of a class and verify that it respects the specification. For a test to be complete, follow guidelines such as these. Verify each functionality, that is, each method. Perform the tests in a specific order, because the order in which methods are applied is often important. Ensure that each statement is executed at least once: for a conditional statement, this means running the test with several configurations of the input, so that the boolean condition becomes true in one case and false in another. Detect and test special cases, for example an empty file as input to a method that reads from a file; boundary values and malformed input are where security bugs hide.
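A small driver in C, added as an example (not from the original article), applies those guidelines to one function: a port-number parser. The table of cases covers both outcomes of every condition in the parser, the two boundaries of the valid range, and the special cases of a null and an empty string. The parser, its rules and the case list are assumptions made for this example.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Unit under test: parse a TCP/UDP port number from text. Accepts only
 * decimal digits, at most five of them, in the range 1..65535; returns the
 * port or -1. The name and the rules are assumptions for this example. */
int parse_port(const char *s)
{
    long value = 0;
    size_t digits = 0;
    if (s == NULL || *s == '\0')             /* special case: nothing to parse */
        return -1;
    for (; *s != '\0'; s++, digits++) {
        if (digits == 5)                      /* bounds the value: no overflow */
            return -1;
        if (!isdigit((unsigned char)*s))      /* rejects '-', '+', spaces, letters */
            return -1;
        value = value * 10 + (*s - '0');
    }
    if (value < 1 || value > 65535)
        return -1;
    return (int)value;
}

/* Test driver: one case per branch of parse_port, both outcomes of every
 * condition, the boundaries of the valid range, and the special cases.
 * Returns the number of failing cases (0 means all passed). */
int run_port_driver(void)
{
    static const struct { const char *in; int expect; } cases[] = {
        { NULL,      -1 },    /* null input */
        { "",        -1 },    /* empty string */
        { "0",       -1 },    /* below range */
        { "1",        1 },    /* lower boundary */
        { "80",      80 },    /* ordinary value */
        { "65535", 65535 },   /* upper boundary */
        { "65536",   -1 },    /* just above range */
        { "123456",  -1 },    /* too many digits */
        { "8a",      -1 },    /* non-digit */
        { "-1",      -1 },    /* sign is not a digit */
        { " 80",     -1 },    /* leading space */
    };
    int failures = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        int got = parse_port(cases[i].in);
        if (got != cases[i].expect) {
            printf("FAIL: parse_port(\"%s\") = %d, expected %d\n",
                   cases[i].in ? cases[i].in : "NULL", got, cases[i].expect);
            failures++;
        }
    }
    return failures;
}

int main(void)
{
    int failures = run_port_driver();
    printf("%d failing case(s)\n", failures);
    return failures ? 1 : 0;
}
```

Adding a case to the table is the whole cost of covering a new input, which is why a table-driven driver tends to get the awkward cases (empty, too long, wrong sign) that ad hoc tests skip.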
Improper access control
If you don't ensure that your software's users can only do what they are allowed to, attackers will exploit the missing authorization check and exercise that functionality. Check authorization on every request, on the server side, for every object a user references; checks in the user interface alone are not checks.
Use of a broken cryptographic algorithm
Cryptography is constantly evolving. An algorithm that is acceptable today may no longer be acceptable tomorrow, because the increasing power of computers turns a computing task that takes years today into one that takes minutes tomorrow, or because someone finds a new attack that renders the algorithm useless; MD5, SHA-1, DES and RC4 have all gone this way. So keep abreast of developments in cryptography, prefer well-reviewed library implementations over your own, and update your code when vulnerabilities are discovered in the algorithms you use.
Missing braces
It is common to forget a closing brace when coding a deeply nested loop. The number of opening braces must match the number of closing ones, and an unmatched brace is a syntax error the compiler reports. However, if one puts a matching brace in the wrong place, the program still compiles, the compiler does not notice the mistake, and the program produces an unexpected result: a statement that was meant to run inside a loop or an if runs outside it. Consistent indentation, and compiling with warnings such as -Wmisleading-indentation, make these mistakes visible.
Error in comment characters
Every C-style block comment starts with /* and ends with */, and anything between them is ignored by the compiler. If we miss the closing */, the compiler searches for a closing */ further down in the program, treating all the lines in between, code included, as a comment. If it finds one, that code silently disappears; if it fails to find one, it reports an unterminated comment.
Missing semicolons
Every statement must end with a semicolon. A missing semicolon confuses the compiler and may result in misleading error messages, often reported on the line after the one with the mistake.
Wrong placement of the semicolon
Another common mistake is to put a semicolon in the wrong place. A semicolon directly after the condition of an if, for or while, as in if (x > 0); is itself a complete, empty statement: the loop body or the guarded block that follows is no longer controlled by the condition, and the program compiles without complaint.
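The following C example, added here and not part of the original article, shows the misplaced brace and the misplaced semicolon side by side with the intended function. All four versions compile; three of them are wrong, each in a different way. The digit-counting function and the sample string are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>

/* Intended behaviour: count the decimal digits in s. */
int count_digits(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (isdigit((unsigned char)*s))
            count++;
    }
    return count;
}

/* Stray semicolon after the for: the loop has an empty body and simply
 * walks to the end of the string; the block below runs once, with *s equal
 * to the terminator. The result is always 0. */
int count_digits_stray_semicolon(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++);
    {
        if (isdigit((unsigned char)*s))
            count++;
    }
    return count;
}

/* Stray semicolon after the if: the if statement is complete and empty,
 * so count++ is unconditional. Every character is counted. */
int count_digits_stray_semicolon_if(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
        if (isdigit((unsigned char)*s));
        count++;
    }
    return count;
}

/* Closing brace in the wrong place: the for loop ends before the if, which
 * is evaluated once, after the loop, on the terminator. The indentation
 * suggests the if is inside the loop, which is why the bug survives
 * review. */
int count_digits_misplaced_brace(const char *s)
{
    int count = 0;
    for (; *s != '\0'; s++) {
    }
    if (isdigit((unsigned char)*s))
        count++;
    return count;
}

int main(void)
{
    const char *sample = "a1b22c";    /* constructed input: three digits */
    printf("correct:         %d\n", count_digits(sample));
    printf("';' after for:   %d\n", count_digits_stray_semicolon(sample));
    printf("';' after if:    %d\n", count_digits_stray_semicolon_if(sample));
    printf("misplaced brace: %d\n", count_digits_misplaced_brace(sample));
    return 0;
}
```

GCC and Clang report the two stray semicolons with -Wempty-body (part of -Wextra) and the indentation mismatch with -Wmisleading-indentation; without those warnings enabled, only a test with a known expected value catches them.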
Errors in quotes
Every string must be enclosed in double quotes and every single character constant in single quotes. If one leaves them out, the string or character is interpreted as a variable name (or, for anything that is not a valid identifier, as a syntax error).
Undeclared variables
Every variable must be declared with its type before it is used. During the development of a large program, it is quite possible to use a variable to hold intermediate results and to forget to declare it; the compiler reports it as undeclared.
Error in scanf parameters
All non-pointer scalar variables in a scanf call must be preceded by the & operator, because scanf needs the address to store into. If code is an int, the statement scanf("%d", code); is wrong and the correct one is scanf("%d", &code);. The compiler will not reliably detect the error (at best it warns about the format), and you get a crash or garbage output because scanf writes to whatever address the value of code happens to be. Two related mistakes are just as common: ignoring the return value, which is the number of items successfully converted, and using "%s" without a field width, which lets a long input overflow the destination array.
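The C example below is added here and is not from the original article. It uses sscanf on constructed input lines so that it runs without a terminal, but the rules are the same as for scanf: pass the address of the integer, cap the "%s" conversion with a field width one less than the buffer size, and check the count of converted items before trusting any of them. The line format and function name are assumptions made for this example.

```c
#include <stdio.h>
#include <string.h>

/* Parse one input line of the form "<code> <name>" into an int and a
 * 32-byte name buffer. Returns 0 on success, -1 if the line does not
 * match. Format and function name are assumptions for this example. */
int parse_line(const char *line, int *code, char name[32])
{
    /* code is already a pointer here, so no & is needed; the classic
     * mistake is scanf("%d", code) when code is a plain int. "%31s" caps
     * the name at 31 characters plus the terminator; a bare "%s" would
     * write past the end of a 32-byte buffer on long input. */
    if (sscanf(line, "%d %31s", code, name) != 2)   /* always check the count */
        return -1;
    return 0;
}

int main(void)
{
    int code = 0;
    char name[32];
    /* Constructed input lines. */
    const char *ok_line   = "42 alice";
    const char *bad_line  = "forty-two alice";
    const char *long_line = "7 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";

    /* &code: the parser needs the address of the int to store into. */
    if (parse_line(ok_line, &code, name) == 0)
        printf("code=%d name=%s\n", code, name);
    if (parse_line(bad_line, &code, name) != 0)
        printf("rejected: %s\n", bad_line);
    if (parse_line(long_line, &code, name) == 0)
        printf("code=%d name=%s (%zu chars kept, rest left unread)\n",
               code, name, strlen(name));

    /* Reading from stdin works the same way; the width and the check of
     * the return value are what stop a "%s" overflow:
     *   if (scanf("%d %31s", &code, name) != 2) { ... handle bad input ... }
     */
    return 0;
}
```

Note that the width truncates rather than rejects: the unread remainder of a long name stays in the input, so a reader that wants to refuse over-long names must detect that remainder itself.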
The error of actual and formal parameter type in function calls
When a function with parameters is called, make sure the types of the values passed match the types expected by the called function; otherwise erroneous results may occur. The compiler can only check this when a prototype of the function is in scope, so declare functions before calling them. If necessary, use a cast to convert the type locally.
Error in bounds of an array
Array indices start from 0, so an array of n elements has valid indices 0 to n-1. The common mistake is to start the index from 1, or to run a loop up to n inclusive; the first skips the first element and the second reads or writes one element past the end of the array, which is a buffer overflow.
Using uninitialized pointers
An uninitialized pointer holds an indeterminate value, so it points at an arbitrary location. Dereferencing it is undefined behaviour: it may crash or silently corrupt memory somewhere else. Initialize pointers to NULL or to a valid address when they are declared.
Forgetting a space for the null character in a string
All C strings are terminated with a null character, and therefore the character array that holds one must be declared one character larger than the actual string length: "hello" needs six bytes, not five. Forgetting the terminator's byte means either the terminator is written past the end of the array, or it is missing, so that every function that reads the string keeps going into adjacent memory.
Missing indirection and address operators
Another common error is to forget the indirection operator * or the address operator & in certain places; for example, assigning to a pointer when the intent was to assign to what it points to.
Omitting parentheses around arguments in macro definitions
This causes incorrect evaluation of the expression when the macro definition is substituted, because the substitution is textual: an argument such as a + b is pasted in unparenthesized, and operator precedence then groups it differently than intended. Parenthesize every parameter and the whole body.
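As an added example (not from the original article), the following C code shows both ways the parentheses can be missing, next to the correct definitions, with the expansions spelled out in comments. The macro and function names are assumptions made for this example.

```c
#include <stdio.h>

/* Missing parentheses around the parameter: the argument is pasted in as
 * text, so SQUARE_BAD(a + b) expands to  a + b * a + b . */
#define SQUARE_BAD(x) x * x

/* Missing parentheses around the whole body: 3 * DOUBLE_BAD(a) expands to
 * 3 * (a) + (a), so only the first term is multiplied. */
#define DOUBLE_BAD(x) (x) + (x)

/* Both the parameter and the body parenthesised. */
#define SQUARE_OK(x)  ((x) * (x))
#define DOUBLE_OK(x)  ((x) + (x))

int square_of_sum_bad(int a, int b) { return SQUARE_BAD(a + b); }  /* a + b*a + b */
int square_of_sum_ok(int a, int b)  { return SQUARE_OK(a + b); }   /* (a+b)*(a+b) */
int triple_double_bad(int a)        { return 3 * DOUBLE_BAD(a); }  /* 3*a + a */
int triple_double_ok(int a)         { return 3 * DOUBLE_OK(a); }   /* 3*(a+a) */

/* Even a fully parenthesised macro evaluates its argument once per use in
 * the body, so SQUARE_OK(i++) modifies i twice (undefined behaviour). A
 * function has neither problem. */
static int square_fn(int x) { return x * x; }

int main(void)
{
    printf("(2 + 3)^2: bad %d, ok %d, function %d\n",
           square_of_sum_bad(2, 3), square_of_sum_ok(2, 3), square_fn(2 + 3));
    printf("3 * (2 + 2): bad %d, ok %d\n",
           triple_double_bad(2), triple_double_ok(2));
    return 0;
}
```

With a = 2 and b = 3 the unparenthesized square yields 2 + 3 * 2 + 3 = 11 instead of 25, and the unparenthesized double yields 3 * 2 + 2 = 8 instead of 12; neither produces a compiler diagnostic.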
‘could not find function’ error
This error arises when an R package has not been loaded or when the function name is misspelled. When a programmer runs the code, the console shows could not find function "ymd". This is because the package "lubridate", to which the ymd function belongs, has not been loaded. Adding the line library(lubridate) at the start of the code lets it run error-free. Misspelling ymd() also produces a could not find function error.
‘Error in if’
“Error in if” generally means that the condition in “if (xxx) { …” is not yielding a single logical value. Most often a missing value has turned up where TRUE/FALSE is needed, that is, the variable in xxx contains NA. For example, a programmer has assigned NA to the variable “c”. When “c” is used in the logical statement (c > 12), the comparison also yields NA, and as a result the if() expression cannot be evaluated. Check with is.na() before the comparison.
‘object not found’ error
This error occurs when the code refers to an object that does not exist in the current environment, because it was never created or was created under a different name. For example, a programmer is trying to compute the market capitalization of Tata Motors Limited. He gets an ‘object not found’ error because the “price” object is missing from the code: he has only entered the number of shares outstanding, and not the price.
‘: cannot open the connection’ error
There are two common reasons for this error to show up when running an R script -
A file or connection can’t be opened because R can’t find it (mostly due to an error in the path).
Failure in .onLoad() because a package can’t find a system dependency.
A programmer is getting this error because he has specified the wrong path for the “dirPath” object in the code: he missed adding a forward slash after getwd() in the paste() call. This led to the wrong path, and hence the error. After adding the forward slash and re-running the code, the correct dirPath and fileName are printed in the R console.
‘subscript out of bounds’ error
This error is likely to occur when one is using nested loops incorrectly and indexing beyond the dimensions of an object. For example, the “letters.mat” matrix has 5 rows. As long as the first loop runs for exactly as many iterations as the matrix has rows, the code runs successfully. However, if the programmer increases the loop size beyond 5, say to 10, he gets a “subscript out of bounds” error, because he has not increased the size of the underlying object (letters.mat). Looping over nrow(letters.mat) rather than a hard-coded number avoids the mismatch.
‘non-numeric argument to a binary operator’ error
This is a simple error to decipher: one of the operands of an arithmetic operator is not a number. Since today_close is a character (for example a price read in as a string), the price_change computation results in the error. Convert it with as.numeric() before doing arithmetic.
‘replacement has’ error
This error occurs when one tries to assign a vector of values to a subset of an existing object and the lengths do not match. For example, the stock price data of Canada bank has 246 rows. In the code, the programmer created a sequence “s” of numbers from 1 to 150. When he tried to add this sequence as a column of the Canada bank data set, it threw a “replacement has …” error, because the lengths of the two do not match.
We have covered the most common programming and coding errors. If you come across any other errors that might lead to a large-scale hack of your program, don't hesitate to share them with us in the comments below. Thank you!