...
When a value with integer type is converted to another integer type other than
_Bool, if the value can be represented by the new type, it is unchanged.Otherwise, if the new type is unsigned, the value is converted by repeatedly adding or subtracting one more than the maximum value that can be represented in the new type
until the value is in the range of the new type.Otherwise, the new type is signed and the value cannot be represented in it; either the result is implementation-defined or an implementation-defined signal is raised.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Automated Detection
Coverity Prevent The Coverity Prevent NEGATIVE_RETURNS and REVERSE_NEGATIVE checkers can both find violations of this rule. The NEGATIVE_RETURNS checker can find array accesses, loop bounds, and other expressions which may contain dangerous implied integer conversions that would result in unexpected behavior. The REVERSE_NEGATIVE checker can find instances where a negativity check occurs after the negative value has been used for something else. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.
...