SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 92

changes.mady.by.user Jill Britton

Saved on

compared with

New Version 93

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Bitwise shifts include left-shift operations of the form shift-expression << additive-expression and right-shift operations of the form shift-expression >> additive-expression. The integer promotions are performed on the operands, each of which has an integer type. The type of the result is that of the promoted left operand. If the value of the right operand is negative or is greater than or equal to the width of the promoted left operand, the behavior is undefined. See also undefined behavior 51 of in Annex J of C11 [ISO/IEC 9899:2011]the C Standard.

In almost every case, an attempt to shift by a negative number of bits or by more bits than exist in the operand indicates a bug (logic error). This is different from overflow, where there is simply a representational deficiency. (See INT32-C. Ensure that operations on signed integers do not result in overflow.)

...

The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated bits are filled with zeros. According to the C standardStandard, if E1 has an unsigned type, the value of the result is E1 * 2E2, reduced modulo one more than the maximum value representable in the result type.

...

Tool

Version

Checker

Description

LDRA tool suite

Include Page
LDRA_VLDRA_V

403 S

Partially implemented.

Fortify SCA

V. 5.0

 

Can detect violations of this rule with CERT C Rule Pack.

Compass/ROSE

 

 

Can detect violations of this rule. Unsigned operands are detected when checking for INT13-C. Use bitwise operators only on unsigned operands.

ECLAIR
Include Page
ECLAIR_V
ECLAIR_V
shiftrhsPartially implemented.

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack.

LDRA tool suite

Include Page
LDRA_V
LDRA_V

403 S

Partially implemented.

PRQA QA-C
Include Page
PRQA_V
PRQA_V

0499
0500
0501
2790
2791 (D)
2792 (A)
2793 (S)

Partially implemented.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard

...

INT34-CPP. Do not shift a negative number of bits or more bits than exist in the operand

...

ISO/IEC TR 24772

...

Wrap-around error [XYY]

Bibliography

[Dowd 2006]Chapter 6, "C Language Issues"
[ISO/IEC 2003]Section 6.5.7, "Bitwise

...

Bibliography

A test program for this rule is available at www.securecoding.cert.org.

...

Shift Operators"
[Seacord 2005a]Chapter 5, "Integers"
[Viega 2005]Section 5.2.7, "Integer Overflow"

A test program for this rule is available at www.securecoding.cert.org. overflow"

...