...
This non-compliant code example uses the complement operator in the test for unsigned integer overflow.
```c
unsigned int ui1, ui2, sum;

if (~ui1 < ui2) {
  /* handle error condition */
}
sum = ui1 + ui2;
```
...
This compliant solution implements a fully portable strictly conforming test for unsigned overflow.
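A portable precondition test of the kind described above, as an added example; it is not the page's own compliant solution, and the function names are hypothetical. It goes beyond the `unsigned int` case to show the same limit-based check on `unsigned short`, next to the complement idiom, whose result on that type depends on how the platform promotes the operands.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper (not from the original page): adds a and b.
 * Returns false and leaves *sum untouched if the result would wrap. */
bool add_uint_checked(unsigned int a, unsigned int b, unsigned int *sum) {
  /* UINT_MAX - a can never wrap, so this comparison is exact on every
   * conforming implementation, whatever the width of unsigned int. */
  if (UINT_MAX - a < b) {
    return false;
  }
  *sum = a + b;
  return true;
}

/* The same precondition for a narrower type, using that type's own limit. */
bool add_ushort_checked(unsigned short a, unsigned short b,
                        unsigned short *sum) {
  if (USHRT_MAX - a < b) {
    return false;
  }
  *sum = (unsigned short)(a + b);
  return true;
}

/* The complement idiom applied to unsigned short. Both operands are
 * promoted before ~ is applied: where int is wider than unsigned short,
 * ~a is a negative int and the test reports "overflow" for every input;
 * where the two have the same width it behaves like the unsigned int case. */
bool complement_flags_ushort(unsigned short a, unsigned short b) {
  return ~a < b;
}

int main(void) {
  unsigned int s = 0;
  unsigned short h = 0;

  printf("UINT_MAX + 1 accepted: %d\n", add_uint_checked(UINT_MAX, 1u, &s));
  printf("0 + 5 (ushort) accepted: %d\n", add_ushort_checked(0, 5, &h));
  /* 0 + 5 cannot overflow, yet the complement test may still flag it. */
  printf("complement test flags 0 + 5: %d\n", complement_flags_ushort(0, 5));
  return 0;
}
```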
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...