...
This compliant solution tests the suspect operands of the addition operation to guarantee there is no possibility of unsigned wrap.
...
This compliant solution tests the suspect unsigned operands of the subtraction operation to guarantee there is no possibility of unsigned wrap.
...
This compliant solution tests the suspect operands of the multiplication operation to guarantee that there is no unsigned integer wrap.
...
This compliant solution tests the operands of the suspect left shift operation to guarantee there is no possibility of unsigned wrap. This solution must also comply with INT34-C (Do not shift a negative number of bits or more bits than exist in the operand): the shift count is checked against the width of the type before the wrap check is performed.

```c
#include <limits.h>

unsigned int ui1, ui2, uresult;

/* Initialize ui1 and ui2 */

if ((ui2 >= sizeof(unsigned int) * CHAR_BIT) ||   /* INT34-C: count must be < width */
    (ui1 > (UINT_MAX >> ui2))) {                  /* a set bit would leave the word */
  /* handle error condition */
} else {
  uresult = ui1 << ui2;
}
```
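The four precondition tests above (addition, subtraction, multiplication and left shift), collected as an added example that is not part of the CERT page; the helper names and the true/false return convention are this example's own choice. Each helper writes its result only when the operation cannot wrap, so a caller cannot accidentally consume a wrapped value:

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Each helper stores the result through *res and returns true only when the
 * operation cannot wrap; on failure *res is left untouched. */

bool checked_add(unsigned int a, unsigned int b, unsigned int *res) {
  if (UINT_MAX - a < b) {            /* a + b would exceed UINT_MAX */
    return false;
  }
  *res = a + b;
  return true;
}

bool checked_sub(unsigned int a, unsigned int b, unsigned int *res) {
  if (a < b) {                       /* a - b would wrap below zero */
    return false;
  }
  *res = a - b;
  return true;
}

bool checked_mul(unsigned int a, unsigned int b, unsigned int *res) {
  if (a != 0 && b > UINT_MAX / a) {  /* a * b would exceed UINT_MAX */
    return false;
  }
  *res = a * b;
  return true;
}

bool checked_shl(unsigned int a, unsigned int n, unsigned int *res) {
  /* Shift count must be below the type width (INT34-C), and no set bit
   * of a may be shifted out of the word (INT30-C). */
  if (n >= sizeof(unsigned int) * CHAR_BIT || a > (UINT_MAX >> n)) {
    return false;
  }
  *res = a << n;
  return true;
}
```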
Exceptions
INT30-EX1. Unsigned integers can exhibit modulo behavior (wrapping) only when this behavior is necessary for the proper execution of the program. It is recommended that the variable declaration be clearly commented as supporting modulo behavior and that each operation on that integer also be clearly commented as supporting modulo behavior.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
INT30-C | high | likely | high | P9 | L2
Automated Detection
...