...
INT32-EX2. Checks for wraparound can be omitted when it can be determined at compile time that wraparound will not occur. As such, the following operations on unsigned integers require no validation:
- Operations on two compile-time constants.
- Operations on a variable and 0 (except division by 0, of course).
- Subtracting any variable from its type's maximum. For instance, any unsigned int may safely be subtracted from UINT_MAX.
- Multiplying any variable by 1.
- Division, as long as the divisor is nonzero.
- Right-shifting any type maximum by any number smaller than the type size. For instance, UINT_MAX >> x is valid as long as x < sizeof(unsigned int).
- Left-shifting 1 by any number smaller than the type size.
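The following is an added example (not code from the standard itself) showing how the validation-free operations above are exactly the building blocks of the wraparound checks that other operations need: UINT_MAX - a and UINT_MAX / a cannot wrap, so they can safely guard an addition or multiplication, while the left-shift exception yields a power of two with no runtime check. Function names are the example's own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Stores a + b in *out and returns true only if the sum does not wrap.
   The guard uses "subtract any variable from its type's maximum",
   which the exception lists as requiring no validation. */
bool checked_uadd(unsigned int a, unsigned int b, unsigned int *out)
{
    if (b > UINT_MAX - a) {  /* UINT_MAX - a itself cannot wrap */
        return false;        /* a + b would wrap */
    }
    *out = a + b;
    return true;
}

/* Stores a * b in *out and returns true only if the product does not
   wrap. Division by a nonzero divisor cannot wrap, so UINT_MAX / a is a
   safe bound on b. */
bool checked_umul(unsigned int a, unsigned int b, unsigned int *out)
{
    if (a != 0u && b > UINT_MAX / a) {
        return false;        /* a * b would wrap */
    }
    *out = a * b;
    return true;
}

/* Left-shifting 1 by a count smaller than the bit width cannot wrap.
   Out-of-range counts are undefined behaviour, so they are rejected. */
unsigned int pow2_or_zero(unsigned int bits)
{
    const unsigned int width = sizeof(unsigned int) * CHAR_BIT;
    return bits < width ? 1u << bits : 0u;
}

/* Unchecked addition for contrast: same inputs, silently wraps to 0. */
unsigned int unchecked_uadd(unsigned int a, unsigned int b)
{
    return a + b;
}

int main(void)
{
    unsigned int r;
    printf("checked:   %s\n", checked_uadd(UINT_MAX, 1u, &r) ? "ok" : "would wrap");
    printf("unchecked: %u\n", unchecked_uadd(UINT_MAX, 1u));
    printf("2^4 = %u\n", pow2_or_zero(4u));
    return 0;
}
```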
Risk Assessment
Integer wrap can lead to buffer overflows and the execution of arbitrary code by an attacker.
...