q
Is
every array index and pointer arithmetic operation…
o
Okay
given the preconditions and data assumptions?
o
Checked
for size before data is entered into the buffer?
q
Is
every library function call…
o
A
safe library function call?
o
Given
the correct input in terms of number of characters or size of the buffer? Be careful of off-by-one errors.
q
Has
all reused code…
o
Been
inspected for buffer overflow problems?
o
Been
checked for differences in data size such as the difference between ASCII and
UNICODE?
q
Were
all string inputs tested with a very long string to see if…
o
The
program crashes?
o
Data
is corrupted?
q
Were
all non-string buffered inputs tested with too much data to see if…
o
The
program crashes?
o
Data
is corrupted?
q
Were
all inputs that get reformatted into a buffer tested…
o
With
their maximum and minimum values?
o
On
the boundaries of all other partitions (i.e. you should test something with
zeros in it like 4005 or 4000 for a program that converts decimal integers to
ternary strings)?
q
Was
all of the new code tested…
o
On
every platform that the software is intended to run on?
o
With
all possible settings that could affect it?
q
Was
all of the old code tested…
o
Under
the new assumptions?
o
With
any changes in data size such as the difference between ASCII and UNICODE?
o
On
every platform that the software is intended to run on?