Page History

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

Automated Detection

Fortify SCA Version 5.0 with CERT C Rule Pack is able to detect violations of this rule.

The Coverity Prevent NEGATIVE_RETURNS and REVERSE_NEGATIVE checkers both can find violations of this rule. The NEGATIVE_RETURNS checker can find array accesses, loop bounds, and other expressions that may contain dangerous implied integer conversions that would result in unexpected behavior. The REVERSE_NEGATIVE checker can find instances where a negativity check occurs after the negative value has been used for something else. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Type Conversions, pp. 223-270)
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] 6.3, "Conversions"
\[[MISRA 04|AA. C References#MISRA 04]\] Rules 10.1, 10.3, 10.5, and 12.9
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 192|http://cwe.mitre.org/data/definitions/192.html], "Integer Coercion Error", [CWE ID	197|http://cwe.mitre.org/data/definitions/197.html], "Numeric Truncation Error"
\[[Seacord 05|AA. C References#Seacord 05]\] Chapter 5, "Integers"
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.9, "Truncation error," Section 5.2.10, "Sign extension error," Section 5.2.11, "Signed to unsigned conversion error," and Section 5.2.12, "Unsigned to signed conversion error"
\[[Warren 02|AA. C References#Warren 02]\] Chapter 2, "Basics"

...