...
Only use signed char and unsigned char types for the storage and use of numeric values, as this is the only way to (portably) guarantee the signedness of the character types.
Non-Compliant Code Example
This In this non-compliant code example :, the char-type variables c may be signed or unsigned. Assuming 8-bit, twos complement character types, this code may either print out i/c = 5 (unsigned) or i/c = -17 (signed). As a result, it is much more difficult to reason about the correctness of a program without knowing if these integers are signed or unsigned.
| Code Block | ||
|---|---|---|
| ||
char c = 200; int i = 1000; printf("i/c = %d\n", i/c); |
Compliant Solution
This problem is easily repaired by explicitly declaring the string variable In this compliant solution, the variable c is declared as unsigned char. The subsequent division operation is now independent of the signedness of char and consequently has a predictable result.
| Code Block | ||
|---|---|---|
| ||
unsigned char c = 200; int i = 1000; printf("i/c = %d\n", i/c); |
Risk Assessment
This is a subtle error that results in a disturbingly broad range of potentially severe vulnerabilities.
...