...

Converting a floating-point value to a floating-point value of a smaller range and precision or to an integer type, or converting an integer type to a floating-point type, can result in a value that is not representable in the destination type and is undefined behavior on implementations that do not support Annex F.
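A range-checked form of the conversions described above, as an added example that is not code from the original page. The helper names are hypothetical, the sample inputs are constructed, and the integer check assumes `int` is no wider than 32 bits.

```c
#include <float.h>
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Assumption of this sketch: int has at most 32 bits, so the bounds
   (double)INT_MIN - 1.0 and (double)INT_MAX + 1.0 are exact in a double. */
_Static_assert(sizeof(int) * CHAR_BIT <= 32, "int too wide for double bounds");

/* Hypothetical helper: store (int)d in *out only if the truncated value
   is representable in int; otherwise leave *out untouched. */
bool checked_double_to_int(double d, int *out) {
    if (isnan(d)) return false;               /* NaN has no integer value */
    if (d <= (double)INT_MIN - 1.0 || d >= (double)INT_MAX + 1.0)
        return false;                         /* truncated value out of range */
    *out = (int)d;                            /* fraction is discarded */
    return true;
}

/* Hypothetical helper: narrow to float only if the result is zero or a
   normal float; rejects NaN, overflow and magnitudes below FLT_MIN. */
bool checked_double_to_float(double d, float *out) {
    if (isnan(d)) return false;
    double mag = d < 0.0 ? -d : d;
    if (mag > FLT_MAX) return false;          /* includes +/- infinity */
    if (mag != 0.0 && mag < FLT_MIN) return false;
    *out = (float)d;
    return true;
}

int main(void) {
    /* Constructed sample inputs. */
    const double samples[] = { 3.99, -3.99, 2147483648.0, 1e39, 1e-40, NAN };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++) {
        int i = 0; float f = 0.0f;
        bool iok = checked_double_to_int(samples[k], &i);
        bool fok = checked_double_to_float(samples[k], &f);
        printf("%g -> int %s (%d), float %s (%g)\n", samples[k],
               iok ? "ok" : "rejected", i, fok ? "ok" : "rejected", (double)f);
    }
    return 0;
}
```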

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FLP34-C | Low | Unlikely | Low | P3 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported, but no explicit checker |
| Compass/ROSE | | | Can detect some violations of this rule. However, it does not flag implicit casts, only explicit ones |
| Coverity | | MISRA_CAST (needs verification) | Can detect instances where implicit float conversion is involved: implicitly converting a complex expression with integer type to floating type, implicitly converting a double expression to narrower float type (may lose precision), implicitly converting a complex expression from float to double, implicitly converting from float to double in a function argument, and so on |
| LDRA tool suite | | 435 S, 93 S | Partially implemented |
| Parasoft C/C++test | | MISRA2004-10_1_d | Partially implemented |
| Polyspace Bug Finder | R2016a | Float conversion overflow, Integer conversion overflow, Unsigned integer conversion overflow | Overflow when converting between floating point data types; Overflow when converting between integer types; Overflow when converting between unsigned integer types |
| PRQA QA-C | | 4450, 4451, 4452, 4453, 4454, 4462, 4465 | Partially implemented |
| PRQA QA-C++ | | 3011 | |
| PVS-Studio | 6.22 | V615, V2003, V2004 | General analysis and Customer specific rule sets |
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT Oracle Secure Coding Standard for Java | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Numeric Conversion Errors [FLC] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-681, Incorrect Conversion between Numeric Types | 2017-06-29: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-197 | 2017-06-14: CERT: Rule subset of CWE |

CERT-CWE Mapping Notes

Key here for mapping notes

...

CWE-681 = Union( FLP34-C, INT31-C)

Bibliography

[IEEE 754 2006]

[ISO/IEC 9899:2011] Subclause 6.3.1.4, "Real Floating and Integer"; Subclause 6.3.1.5, "Real Floating Types"

...


...