...
C99 defines minimum ranges for standard integer types. For example, the minimum range for an object of type unsigned short int is 0-65,535, while the minimum range for int is -32,767 to +32,767. This means that it is not always possible to represent all possible values of an unsigned short int as an int. However, on the IA-32 architecture, for example, the actual integer range is from -2,147,483,648 +2,147,483,647, meaning that is quite possible to represent all the values of an unsigned short int as an int on this platform. As a result, it is not necessary to provide a test for this conversion on IA-32. It is not possible to make assumptions about conversions without knowing the precision of the underlying types. If these tests are not provided, assumptions concerning precision must be clearly documented, as the resulting code cannot be safely ported to a system where these assumptions are invalid.
...
Risk Assessment
Integer truncation errors can lead to buffer overflows and the execution of arbitrary code by an attacker.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
INT31-C | ||||||
Component | Value | |||||
Severity | 3 (high) | Likelihood | 2 (probable) Remediation cost | 1 (high) | P6 | L2 |
References
- ISO/IEC 9899-1999 6.3, "Conversions"
- Seacord 05 Chapter 5, "Integers"
- Warren 02 Chapter 2, "Basics"
- Viega 05 Sections 5.2.9, "Truncation error," 5.2.10, "Sign extension error," 5.2.11, "Signed to unsigned conversion error," and 5.2.12, "Unsigned to signed conversion error"