...

In almost every case, an attempt to shift by a negative number of bits or by more bits than exist in the operand indicates a bug (a logic error). This is different from overflow, where there is simply a representational deficiency (see INT32-C. Ensure that operations on signed integers do not result in overflow).
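The following is an added example, not code from the original rule page, showing the check this rule asks for: the shift count is validated against the operand's precision before the shift expression is evaluated, so a negative count or a count of precision or more is rejected rather than evaluated. The helper names (`precision`, `checked_shl`, `checked_shr`) are this example's own, and the shift counts fed to `main` are constructed to exercise the boundaries.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Count the value bits of an unsigned type from its maximum value. C permits
 * padding bits, so CHAR_BIT * sizeof(type) may overstate the usable width;
 * the popcount of the type's maximum is the precision the count must stay below. */
static size_t precision(unsigned long long type_max) {
    size_t bits = 0;
    while (type_max != 0) {
        bits += (size_t)(type_max & 1u);
        type_max >>= 1;
    }
    return bits;
}

/* Shift helpers that reject a negative count or a count >= precision instead
 * of evaluating an expression whose behaviour C99 6.5.7 leaves undefined.
 * They return false on a rejected count and leave *result untouched. */
bool checked_shl(unsigned int value, int count, unsigned int *result) {
    if (count < 0 || (size_t)count >= precision(UINT_MAX)) {
        return false;
    }
    *result = value << count;
    return true;
}

bool checked_shr(unsigned int value, int count, unsigned int *result) {
    if (count < 0 || (size_t)count >= precision(UINT_MAX)) {
        return false;
    }
    *result = value >> count;
    return true;
}

/* Typical call site: the shift count arrives from untrusted input (here a
 * constructed list that straddles the valid range), so it is validated rather
 * than trusted. */
int main(void) {
    int counts[] = { 3, -1, (int)precision(UINT_MAX), (int)precision(UINT_MAX) - 1 };
    for (size_t i = 0; i < sizeof counts / sizeof counts[0]; i++) {
        unsigned int out;
        if (checked_shl(1u, counts[i], &out)) {
            printf("1u << %d = 0x%x\n", counts[i], out);
        } else {
            printf("shift count %d rejected\n", counts[i]);
        }
    }
    return 0;
}
```

The check is written against the precision of the unsigned type rather than against `sizeof(unsigned) * CHAR_BIT` because the latter counts padding bits on implementations that have them; on common platforms the two agree.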

Noncompliant Code Example (Left Shift, Signed Type)

...

Shift operators, and other bitwise operators, should only be used with unsigned integer operands, in accordance with guideline INT13-C. Use bitwise operators only on unsigned operands.

...

Making assumptions about whether a right shift is implemented as an arithmetic (signed) shift or a logical (unsigned) shift can also lead to vulnerabilities (see INT13-C. Use bitwise operators only on unsigned operands).
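An added example, not from the original rule page, illustrating both the preceding point and the recommendation above to shift only unsigned operands: a hypothetical packed header carries a length in its top 8 bits, and extracting that field by right-shifting a signed operand sign-extends (on an arithmetic-shift implementation) whenever the length is 128 or more, yielding a negative length that would become an enormous `size_t` if passed on to `memcpy` or `malloc`. Shifting the same bits as an unsigned operand is a logical shift everywhere. The header layout, the function names and the sample header value are this example's own constructions.

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

/* Reinterpret a 32-bit pattern as int32_t without relying on the
 * implementation-defined result of an out-of-range integer conversion. */
static int32_t as_int32(uint32_t bits) {
    int32_t v;
    memcpy(&v, &bits, sizeof v);
    return v;
}

/* Probe what this implementation does for a right shift of a negative value;
 * C99 6.5.7p5 leaves the result implementation-defined. */
bool right_shift_is_arithmetic(void) {
    return ((-1) >> 1) == -1;
}

/* Hypothetical packed header: bits 31..24 hold a payload length. With a
 * signed operand the shift sign-extends on arithmetic-shift implementations
 * once the top bit is set, so a length >= 128 comes back negative. */
int32_t length_from_header_signed(int32_t header) {
    return header >> 24;
}

/* Same field from an unsigned operand: the shift is logical and the result
 * is always the 8-bit length, 0..255. */
uint32_t length_from_header_unsigned(uint32_t header) {
    return header >> 24;
}

int main(void) {
    uint32_t header = 0x80000010u;  /* constructed: length 128, low bits 0x10 */
    int32_t s = length_from_header_signed(as_int32(header));
    uint32_t u = length_from_header_unsigned(header);
    printf("arithmetic right shift on this implementation: %s\n",
           right_shift_is_arithmetic() ? "yes" : "no");
    printf("signed operand   -> %ld\n", (long)s);
    printf("unsigned operand -> %lu\n", (unsigned long)u);
    return 0;
}
```

On the usual two's-complement compilers the signed extraction prints -128; the unsigned extraction prints 128 on every conforming implementation, which is why the field should be held in an unsigned type before it is shifted.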

...

where %eax stores the least significant bits in the double word to be shifted, and %edx stores the most significant bits.

...

Rule      Severity   Likelihood   Remediation Cost   Priority   Level
INT34-C   low        low          medium             P2         L3

Automated Detection

Tool           Version   Checker   Description
Fortify SCA    V. 5.0    ...       can detect violations of this rule ... with CERT C Rule Pack
Compass/ROSE                       can detect violations of this rule. Unsigned operands are detected when checking for guideline INT13-C. Use bitwise operators only on unsigned operands.

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This rule appears in the C++ Secure Coding Standard as INT34-CPP. Do not shift a negative number of bits or more bits than exist in the operand.

Bibliography

A test program for this rule is available at www.securecoding.cert.org

[Dowd 2006] Chapter 6, "C Language Issues"
[ISO/IEC 9899:1999] Section 6.5.7, "Bitwise shift operators"
[ISO/IEC PDTR 24772] "XYY Wrap-around Error"
[Seacord 2005a] Chapter 5, "Integers"
[Viega 2005] Section 5.2.7, "Integer overflow"
[ISO/IEC 2003] Section 6.5.7, "Bitwise shift operators"

...