SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 201

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 202

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: copied in UWIDTH macro

...

Code Block
bgColor#ccccff
langc
#include <assert.h>
#include <limits.h>

#define UWIDTH(type, umax_value) (sizeof(type) * CHAR_BIT)
  
void func(signed int si_a, signed int si_b) {
  signed int result;
  signed long long tmp;
  assert(UWIDTH(signed long long, ULLONG_MAX) >=
         2 * UWIDTH(int, UINT_MAX));
 
  tmp = (signed long long)si_a * (signed long long)si_b;
 
  /*
   * If the product cannot be represented as a 32-bit integer,
   * handle as an error condition.
   */
  if ((tmp > INT_MAX) || (tmp < INT_MIN)) {
    /* Handle error */
  } else {
    result = (int)tmp;
  }
  /* ... */
}

The assertion fails if long long has less than twice the width of int. It relies on The purpose of the UWIDTH() macro , which is defined explained in INT19-C. Correctly compute integer widths.

...

Code Block
bgColor#ccccff
langc
#include <limits.h>

#define UWIDTH(type, umax_value) (sizeof(type) * CHAR_BIT) 

void func(signed long si_a, signed long si_b) {
  signed long result;
  if ((si_a < 0) || (si_b < 0) ||
      (si_b >= UWIDTH(signed long, ULONG_MAX)) ||
      (si_a > (LONG_MAX >> si_b))) {
    /* Handle error */
  } else {
    result = si1 << si2;
  }
 
  /* ... */
}

...

The UWIDTH() macro provides the correct width for an unsigned integer type , and is defined in (see INT19-C. Correctly compute integer widths). This solution also complies with INT34-C. Do not shift a negative number of bits or more bits than exist in the operand.

...