...
The C Standard, 6.5.7, paragraph 4 [ISO/IEC 9899:2011], states
...
In almost every case, an attempt to shift by a negative number of bits or by more bits than exist in the operand indicates a logic error. These issues are covered by INT34-C. Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand.
Noncompliant Code Example
This noncompliant code example performs a left shift, after verifying that the number being shifted is not negative, and the number of bits to shift is valid. The PRECISION() macro and popcount() function provide the correct precision for any integer type. (See INT35-C. Use correct integer precisions.) However, because this code does no overflow check, it can result in an unrepresentable value.
...
Compliant Solution
This compliant solution eliminates the possibility of overflow resulting from a left-shift operation:
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| ALLOC.SIZE.ADDOFLOW | Addition overflow of allocation size | ||||||
| Coverity | 6.5 | TAINTED_STATIC | Fully implemented | ||||||
| LDRA tool suite |
| 493 S, 494 S | Partially implemented | ||||||
| Polyspace Bug Finder | R2016a | Overflow from operation between integers Division | |||||||
| PRQA QA-C |
| 2800, 2801, 2802, 2803,2860,2861,2862,2863 | Fully implemented |
Related Vulnerabilities
...