Platform dependencies may be embedded in code introduced to improve performance on a particular platform. This can be a dangerous practice, particularly if these dependencies are not appropriately documented during development and addressed during porting. Often, embedded platform Platform dependencies that have no performance or other benefits and should consequently be avoided as the y may introduce errors during porting.
Non-Compliant Coding Example
This non-compliant coding example used the complement operator in the test for unsigned integer overflow.
...
This solution also violates INT14-A. Distinguish bitmaps from numeric types.
Compliant Solution
This compliant solution implements a strictly conforming test for unsigned overflow.
...
If the non-compliant form of this test is truly faster, talk to your compiler vendor, because if these tests are equivalent then optimization should occur. If both forms have the same performance, prefer the portable form.
Risk Assessment
Unused values may indicate significant logic errors, possibly resulting in a denial of service condition.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC14-A | low | unlikely | medium | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Arithmetic Boundary Conditions, pp. 211-223) \[[Seacord 05|AA. C References#Seacord 05]\] Chapter 5, "Integers" |
...