Loop Condition Value Update within the Loop

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This vulnerability occurs when a loop's exit condition depends on a variable that is also modified inside the loop body. This creates a complex and often unpredictable control flow that is difficult to analyze.

Extended Description

This coding pattern creates a 'moving target' for the loop's logic, making the code's behavior hard to predict and reason about. Developers and security tools may struggle to determine how many times the loop will execute or under what conditions it will terminate, which can lead to infinite loops, incorrect calculations, or unexpected state changes. From a security perspective, this complexity acts as a breeding ground for bugs. It increases the time and effort needed for code reviews and security audits, making it easier for subtle logic flaws and boundary errors to slip through. These flaws can later manifest as denial-of-service conditions, data corruption, or other vulnerabilities that are difficult to trace back to the convoluted loop logic.
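One boundary error this pattern can hide, shown as an added example that is not part of the original entry. The escape format, the function names `unescape_weak` and `unescape_fixed`, and the sample buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ESC 0x5C /* backslash: next byte is taken literally (constructed format) */

/* Weak: `i` is tested in the loop header and also advanced in the body. */
size_t unescape_weak(const uint8_t *in, size_t len, uint8_t *out) {
    size_t j = 0;
    for (size_t i = 0; i < len; i++) {
        if (in[i] == ESC)
            i++;              /* i may now equal len; no re-check happens */
        out[j++] = in[i];     /* reads in[len] when ESC is the last byte */
    }
    return j;
}

/* Hardened: `i` changes only in the header; escape state is a separate flag. */
size_t unescape_fixed(const uint8_t *in, size_t len, uint8_t *out) {
    size_t j = 0;
    int escaped = 0;
    for (size_t i = 0; i < len; i++) {
        if (!escaped && in[i] == ESC) {
            escaped = 1;      /* remember the escape, consume nothing extra */
            continue;
        }
        out[j++] = in[i];
        escaped = 0;
    }
    return j;                 /* a trailing lone ESC is dropped */
}

/* Constructed input: logical length is 2; 'S' is a neighbouring byte
   that a correct parser must never touch. */
static const uint8_t backing[3] = { 'a', ESC, 'S' };

int weak_copies_neighbour(void) {
    uint8_t out[4] = {0};
    return unescape_weak(backing, 2, out) == 2 && out[1] == 'S';
}
int fixed_stays_in_bounds(void) {
    uint8_t out[4] = {0};
    return unescape_fixed(backing, 2, out) == 1 && out[0] == 'a' && out[1] == 0;
}

int main(void) {
    printf("weak copies neighbour: %d\n", weak_copies_neighbour());
    printf("fixed stays in bounds: %d\n", fixed_stays_in_bounds());
    return 0;
}
```

In the hardened form the iteration count is exactly `len`, which a reviewer or static analyzer can confirm from the loop header alone.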

Common Consequences
Scope: Other

Impact: Reduce Maintainability

References
REF-960: Object Management Group (OMG). "Automated Source Code Maintainability Measure (ASCMM)". 01-2016.
Related Weaknesses
Taxonomy Mapping
  • OMG ASCMM