...
INT30-EX3. The left-shift operator takes two operands of integer type. Unsigned left shift << can exhibit modulo behavior (wrapping). This exception is provided because of common usage, because this behavior is usually expected by the programmer, and because the behavior is well defined. For examples of usage of the left-shift operator, see INT34-C. Do not shift an expression by a negative number of bits or more bits than by greater than or equal to the number of bits that exist in the operand.
Risk Assessment
Integer wrap can lead to buffer overflows and the execution of arbitrary code by an attacker.
...
| [Dowd 2006] | Chapter 6, "C Language Issues" ("Arithmetic Boundary Conditions," pp. 211–223) |
| [ISO/IEC 9899:2011] | Subclause 6.2.5, "Types" |
| [Seacord 2013] | Chapter 5, "Integer Security" |
| [Viega 2005] | Section 5.2.7, "Integer Overflow" |
| [VU#551436] | |
| [Warren 2002] | Chapter 2, "Basics" |
| [Wojtczuk 2008] | |
| [xorl 2009] | "CVE-2009-1385: Linux Kernel E1000 Integer Underflow" |
...