Section 6.2.5, paragraph 9, of the C Standard [ISO/IEC 9899:2011] states:
A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting type.
...
```c
pen->num_vertices = _cairo_pen_vertices_needed(
    gstate->tolerance, radius, &gstate->ctm
);
/* Reject counts whose byte size would wrap before calling malloc() */
if (pen->num_vertices > SIZE_MAX / sizeof(cairo_pen_vertex_t)) {
    /* handle error condition */
}
pen->vertices = malloc(
    pen->num_vertices * sizeof(cairo_pen_vertex_t)
);
```
Atomic Integers
The C Standard [ISO/IEC 9899:2011] defines arithmetic on atomic integer types as read-modify-write operations with the same representation as nonatomic integer types. As a result, wrapping of atomic unsigned integers is identical to wrapping of nonatomic unsigned integers and should also be prevented or detected.
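The cairo check above guards a single multiplication, and the paragraph on atomic integers notes that an atomic add wraps exactly like a nonatomic one. The following is an added example, not code from the CERT page or from cairo; the function names are hypothetical. It generalizes the size check into a reusable helper and shows how the same precondition is applied to an `atomic_size_t` with a compare-and-exchange loop, so that the check is made against the value actually in the counter rather than a stale copy.

```c
/* Added example (not from the CERT page or from cairo): checked unsigned
 * arithmetic for an allocation size and for an atomic counter. */
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Store count * elem_size in *out, refusing when the product would be
 * reduced modulo SIZE_MAX + 1 (the wrap that 6.2.5p9 describes). */
bool checked_alloc_size(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return false;                 /* would wrap: caller must handle it */
    }
    *out = count * elem_size;
    return true;
}

/* Allocate an array only when its byte size is representable; never
 * hands a wrapped (too small) size to malloc(). */
void *checked_array_alloc(size_t count, size_t elem_size) {
    size_t bytes;
    if (!checked_alloc_size(count, elem_size, &bytes)) {
        return NULL;
    }
    return malloc(bytes);
}

/* Add delta to an atomic counter only if the sum does not wrap.
 * atomic_fetch_add() would silently wrap, exactly like a nonatomic
 * unsigned add; the CAS loop re-checks the precondition against the
 * current value whenever another thread has changed the counter. */
bool atomic_add_checked(atomic_size_t *counter, size_t delta) {
    size_t old = atomic_load(counter);
    for (;;) {
        if (delta > SIZE_MAX - old) {
            return false;             /* precondition fails: wrap refused */
        }
        if (atomic_compare_exchange_weak(counter, &old, old + delta)) {
            return true;              /* old was still current; sum installed */
        }
        /* old now holds the concurrent value; loop re-checks and retries */
    }
}
```

Both helpers return `false` or `NULL` instead of a wrapped value, which is the detectable failure the rule asks for; the caller decides whether to report, retry with a smaller request, or abort.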
...
Tool | Version | Checker | Description
---|---|---|---
Fortify SCA | V. 5.0 | | Can detect violations of this rule with the CERT C Rule Pack.
Compass/ROSE | | | Can detect violations of this rule by ensuring that operations are checked for overflow before being performed. Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two
PRQA QA-C | | 2910 (C) | Partially implemented.
Related Vulnerabilities
CVE-2009-1385 results from a violation of this rule. The value performs an unchecked subtraction on the length of a buffer and then adds that many bytes of data to another buffer [xorl 2009]. This can cause a buffer overflow, which allows an attacker to execute arbitrary code.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines

Guideline | Entry
---|---
... | Wrap-around error [XYY]
MITRE CWE | Integer overflow (wrap or wraparound)
Bibliography

Reference | Section
---|---
[Dowd 2006] | Chapter 6, "C Language Issues" ("Arithmetic Boundary Conditions," pp. 211–223)
[ISO/IEC 9899:2011] | Section 6.2.5, "Types"
[Seacord 2005] | Chapter 5, "Integers"
[Viega 2005] | Section 5.2.7, "Integer Overflow"
[VU#551436] |
[Warren 2002] | Chapter 2, "Basics"
[Wojtczuk 2008] |
[xorl 2009] | "CVE-2009-1385: Linux
...