Calysto v1.5 reports on ssh v4.6p1

Darren Tucker dtucker at
Sun Aug 12 14:51:29 EST 2007

Peter Stuge wrote:
> I guess the analyzer is concerned with compilers that generate code
> to evaluate both statements even though the first one fails. If the
> second statement succeeds then it seems to be at least an fd leak.
> I don't know what the rules are for C - apparently GCC stops
> evaluating once the complete statement is impossible, but is it
> good form to rely on that behavior?

That "short circuit" or "lazy evaluation" behaviour is specified by the 
C standards (and I'm pretty sure it's in the K&R book too although I 
don't have a copy to confirm that).

 From section 6.5.13 of what I think this is the most recent C99 spec[1]:

        [#4]  Unlike  the bitwise binary & operator, the && operator
        guarantees left-to-right evaluation;  there  is  a  sequence
        point  after  the  evaluation  of the first operand.  If the
        first operand compares equal to 0, the second operand is not

I would assume that there's similar language in the original ANSI C spec.


Darren Tucker (dtucker at
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list