...
- Operations on two compile-time constants
- Operations on a variable and 0 (except division by 0, of course, and subtracting a variable from 0, which wraps for any nonzero unsigned value)
- Subtracting any variable from its type's maximum. For instance, any unsigned int may safely be subtracted from UINT_MAX.
- Multiplying any variable by 0 or 1
- Division, as long as the divisor is nonzero.
- Left-shifting 0 by any number smaller than the type's width in bits (a shift count that is negative or at least the width is undefined behavior regardless of the operand being shifted).
- Right-shifting any type maximum by any number smaller than the type's width in bits. For instance, UINT_MAX >> x is valid as long as x < sizeof(unsigned int) * CHAR_BIT (note that sizeof yields bytes, not bits, so x < sizeof(int) alone is too weak a check).
...
Fortify SCA Version 5.0 with the CERT C Rule Pack can detect violations of this rule.
Compass/ROSE can detect violations of this rule by ensuring that operations are checked for overflow before being performed. Be mindful of INT32-EX2, as it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two unsigned ints together requires validation involving subtracting one of the numbers from UINT_MAX, which itself requires no validation, as it cannot wrap.
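The following is an added example, not code from the CERT page or from Compass/ROSE, showing how the exceptions above can be used to write precondition checks for unsigned int arithmetic that themselves cannot wrap. Each check relies only on operations the list excuses from validation: subtracting a variable from UINT_MAX, dividing by a nonzero divisor, right-shifting, and comparing against constants. The function names `checked_add`, `checked_sub`, `checked_mul` and `checked_shl` are assumed for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example (not from the CERT page): each function returns true and
 * writes *result when the operation is safe, false when it would wrap or
 * invoke undefined behavior. The guard expressions use only operations that
 * cannot wrap, so the checks need no further validation of their own. */

bool checked_add(unsigned int a, unsigned int b, unsigned int *result) {
    /* UINT_MAX - a cannot wrap; a + b wraps iff b exceeds that headroom. */
    if (b > UINT_MAX - a) return false;
    *result = a + b;
    return true;
}

bool checked_sub(unsigned int a, unsigned int b, unsigned int *result) {
    /* Unsigned a - b wraps iff the subtrahend is larger than the minuend. */
    if (b > a) return false;
    *result = a - b;
    return true;
}

bool checked_mul(unsigned int a, unsigned int b, unsigned int *result) {
    /* Division by a nonzero divisor cannot wrap; a * b wraps iff b > UINT_MAX / a. */
    if (a != 0 && b > UINT_MAX / a) return false;
    *result = a * b;
    return true;
}

bool checked_shl(unsigned int a, unsigned int n, unsigned int *result) {
    /* A shift count >= the width in bits is undefined regardless of a.
     * Bits that would be shifted off the top are detected with a right
     * shift, which cannot wrap; n != 0 keeps (width - n) below the width. */
    const unsigned int width = sizeof(unsigned int) * CHAR_BIT;
    if (n >= width) return false;
    if (n != 0 && (a >> (width - n)) != 0) return false;
    *result = a << n;
    return true;
}

int main(void) {
    unsigned int r;
    printf("UINT_MAX-1 + 1: %s\n", checked_add(UINT_MAX - 1u, 1u, &r) ? "ok" : "wraps");
    printf("UINT_MAX   + 1: %s\n", checked_add(UINT_MAX, 1u, &r) ? "ok" : "wraps");
    printf("0 - 1         : %s\n", checked_sub(0u, 1u, &r) ? "ok" : "wraps");
    printf("(UINT_MAX/2+1)*2: %s\n", checked_mul(UINT_MAX / 2u + 1u, 2u, &r) ? "ok" : "wraps");
    printf("1 << width    : %s\n", checked_shl(1u, sizeof(unsigned int) * CHAR_BIT, &r) ? "ok" : "undefined");
    return 0;
}
```

Note that the shift check computes the width from sizeof(unsigned int) * CHAR_BIT rather than sizeof alone, since the latter is a byte count and would accept shift counts that are undefined.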
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...