...
The only value that can be considered interchangeable between pointers and integers is the constant 0. Except in this case, conversions between integers and pointers can have undesired consequences depending on the implementation. According to C99 [ISO/IEC 9899:1999]
...
Any pointer type may be converted to an integer type. Except as previously specified, the result is implementation defined. If the result cannot be represented in the integer type, the behavior is undefined. The result need not be in the range of values of any integer type.
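As an added example (not part of the guideline's own text), the C below shows one way to stay within the defined cases of the passage quoted above: convert through `uintptr_t`, then range-check the value before narrowing it to `unsigned int`. The function names and the constructed test value are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* uintptr_t is optional in C99; where it exists, any valid void * converted
 * to it and back compares equal to the original pointer. */
bool survives_uintptr_roundtrip(const void *p) {
    uintptr_t bits = (uintptr_t)p;
    return (const void *)bits == p;
}

/* Narrow an already-converted pointer value to unsigned int only if it is
 * representable. Working on the uintptr_t value avoids the direct
 * (unsigned int)ptr cast, whose behavior is undefined when the result
 * does not fit. Returns false and leaves *out untouched on overflow. */
bool narrow_ptr_value(uintptr_t bits, unsigned int *out) {
    if (bits > UINT_MAX) {
        return false;
    }
    *out = (unsigned int)bits;
    return true;
}

/* Number of high-order bits a cast to unsigned int cannot hold
 * (32 on typical LP64 and LLP64 targets, 0 on ILP32). */
size_t bits_dropped_by_uint(void) {
    return sizeof(uintptr_t) > sizeof(unsigned int)
        ? (sizeof(uintptr_t) - sizeof(unsigned int)) * CHAR_BIT
        : 0;
}

int main(void) {
    int object = 0;
    unsigned int narrow = 0;
    bool ok = survives_uintptr_roundtrip(&object);
    /* Constructed value: the largest uintptr_t, not a real address. */
    bool fits = narrow_ptr_value(UINTPTR_MAX, &narrow);
    return (ok && (fits == (bits_dropped_by_uint() == 0))) ? 0 : 1;
}
```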
...
Please note that this noncompliant code example also violates recommendation EXP11-C. Do not apply operators expecting one type to data of an incompatible type.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: INT11-CPP. Take care when converting from pointer to integer or integer to pointer
Bibliography
[ISO/IEC 9899:1999] Section 6.3.2.3, "Pointers"
[ISO/IEC PDTR 24772] TR 24772 "HFC Pointer casting and pointer type changes"
[MITRE 2007] CWE ID 466 (http://cwe.mitre.org/data/definitions/466.html), "Return of Pointer Value Outside of Expected Range," and CWE ID 587 (http://cwe.mitre.org/data/definitions/587.html), "Assignment of a Fixed Address to a Pointer"
MITRE CWE: CWE-466, "Return of Pointer Value Outside of Expected Range"
MITRE CWE: CWE-587, "Assignment of a Fixed Address to a Pointer"
Bibliography
...