...
```c
#include <stdio.h>

int main(void) {
    unsigned char c = 200;
    int i = 1000;
    printf("i/c = %d\n", i/c);
    return 0;
}
```
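The compliant solution gives the same answer everywhere because `unsigned char` can represent 200 exactly. The following is an added example (not code from the CERT page) that performs the same division with each of the three character types, so the implementation-defined signedness of plain `char` can be compared with the explicit types on the platform at hand. The function names `div_plain_char`, `div_signed_char`, `div_unsigned_char` and `plain_char_is_signed` are assumed for illustration.

```c
/* Added example, not part of the CERT page: the same division performed with
 * plain char, signed char and unsigned char, so the effect of char signedness
 * can be observed directly. Function names are assumed for illustration. */
#include <limits.h>
#include <stdio.h>

/* 200 assigned through plain char: the result depends on whether char is
 * signed on this implementation (and is then implementation-defined). */
int div_plain_char(void) {
    int v = 200;
    char c = (char)v;
    int i = 1000;
    return i / c;
}

/* 200 does not fit in signed char; on two's complement targets the conversion
 * yields -56, so 1000 / -56 truncates toward zero to -17. */
int div_signed_char(void) {
    int v = 200;
    signed char c = (signed char)v;   /* out-of-range, implementation-defined */
    int i = 1000;
    return i / c;
}

/* unsigned char always holds 200 exactly, so the result is 5 on every platform. */
int div_unsigned_char(void) {
    unsigned char c = 200;
    int i = 1000;
    return i / c;
}

/* Reports which explicit type plain char behaves like on this implementation. */
int plain_char_is_signed(void) {
    return CHAR_MIN < 0;
}

int main(void) {
    printf("plain char is %s on this platform\n",
           plain_char_is_signed() ? "signed" : "unsigned");
    printf("1000 / (char)200          = %d\n", div_plain_char());
    printf("1000 / (signed char)200   = %d\n", div_signed_char());
    printf("1000 / (unsigned char)200 = %d\n", div_unsigned_char());
    return 0;
}
```

On x86 and most other targets that use a signed plain `char`, the first two results agree (-17) and differ from the portable unsigned result (5); on ARM Linux and other unsigned-`char` targets, the first and third agree instead. Only the `unsigned char` version has one answer on both.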
Exceptions
INT07-EX1: FIO34-C. Use int to capture the return value of character IO functions mentions that certain character IO functions return a value of type int. Despite being returned in an arithmetic type, the value is not actually numeric in nature, so it is acceptable to store the result in a variable of type char once it has been compared against EOF as an int.
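The exception is narrow: the `int` return type exists so that every byte value (0 to 255) and EOF (-1) remain distinguishable. The following added example, not code from the CERT page or from FIO34-C, shows the EX1 pattern beside the defect it prevents. The input is a constructed three-byte stream ('A', 0xFF, 'B') written to a temporary file with the standard `tmpfile()`; the names `open_sample_stream`, `read_chars_compliant` and `read_chars_noncompliant` are assumed for illustration.

```c
/* Added example, not part of the CERT page: the INT07-EX1 pattern. The int
 * returned by fgetc() is compared against EOF first and only then narrowed
 * into a char, where it is used as a character and not as a number.
 * Function names and the sample bytes are constructed for illustration. */
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16

/* Writes the constructed sample bytes 'A', 0xFF, 'B' to a tmpfile and rewinds it.
 * 0xFF is included because it collides with EOF once narrowed to a signed char. */
static FILE *open_sample_stream(void) {
    static const unsigned char sample[] = { 'A', 0xFF, 'B' };
    FILE *f = tmpfile();
    if (f == NULL) {
        return NULL;
    }
    if (fwrite(sample, 1, sizeof sample, f) != sizeof sample) {
        fclose(f);
        return NULL;
    }
    rewind(f);
    return f;
}

/* Compliant: the EOF test is made on the int; the value is stored as char
 * afterwards, which EX1 permits because it is not used numerically.
 * Returns the number of bytes copied into buf (NUL-terminated). */
size_t read_chars_compliant(char *buf, size_t len) {
    FILE *f = open_sample_stream();
    size_t n = 0;
    int ch;                              /* int keeps 255 and EOF (-1) distinct */
    if (f == NULL || len == 0) {
        if (f != NULL) fclose(f);
        return 0;
    }
    while (n + 1 < len && (ch = fgetc(f)) != EOF) {
        buf[n++] = (char)ch;             /* narrowing after the EOF check */
    }
    buf[n] = '\0';
    fclose(f);
    return n;
}

/* Noncompliant: narrowing before the EOF test. signed char is used explicitly
 * so the failure reproduces regardless of the platform's plain char signedness:
 * the byte 0xFF becomes -1 and is mistaken for EOF, so the read stops early. */
size_t read_chars_noncompliant(char *buf, size_t len) {
    FILE *f = open_sample_stream();
    size_t n = 0;
    signed char ch;
    if (f == NULL || len == 0) {
        if (f != NULL) fclose(f);
        return 0;
    }
    while (n + 1 < len && (ch = (signed char)fgetc(f)) != EOF) {
        buf[n++] = (char)ch;
    }
    buf[n] = '\0';
    fclose(f);
    return n;
}

int main(void) {
    char buf[BUF_SIZE];
    printf("compliant read %zu bytes\n", read_chars_compliant(buf, sizeof buf));
    printf("noncompliant read %zu bytes\n", read_chars_noncompliant(buf, sizeof buf));
    return 0;
}
```

The compliant loop returns all three bytes; the noncompliant loop returns only 'A', because the 0xFF byte is indistinguishable from EOF once it has been squeezed into a signed char. Had the noncompliant loop used plain `char` on an unsigned-`char` platform, the opposite failure occurs: the comparison with EOF can never succeed and the loop does not terminate at end of file.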
Risk Assessment
This is a subtle error that results in a disturbingly broad range of potentially severe vulnerabilities. At the very least, it produces numerical results that differ between platforms depending on whether plain char is signed. When such a value is used as an array index, a length, or in pointer arithmetic, the unexpected (possibly negative) result can lead to a buffer overflow or other invalid memory access.
...