...
This code can result in an unsigned overflow during the shift operation of the unsigned operands ui1 and ui2. If this behavior is unanticipated, the resulting value may be used to allocate insufficient memory for a subsequent operation or in some other manner that could lead to an exploitable vulnerability.
References
- ISO/IEC 9899-1999 Section 6.5, "Expressions," and Section 7.10, "Sizes of integer types <limits.h>"
- Seacord 05 Chapter 5, "Integers"
- Viega 05 Section 5.2.7, "Integer overflow"
- Dowd 06 Chapter 6, "C Language Issues"