Page History

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard	INT31-CPP. Ensure that integer conversions do not result in lost or misinterpreted data
CERT Oracle Secure Coding Standard for Java	NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
ISO/IEC TR 24772	Numeric conversion errors [FLC]
MISRA-C	Rule 10.1 (required): The value of an expression of integer type shall not be implicitly converted to a different underlying type if: a) it is not a conversion to a wider integer type of the same signedness, or b) the expression is complex, or c) the expression is not constant and is a function argument, or d) the expression is not constant and is a return expression. Rule 10.3 (required): The value of a complex expression of integer type may only be cast to a type that is narrower and of the same signedness as the underlying type of the expression Rule 10.5 (required): If the bitwise operators `~` and `<<` are applied to an operand of underlying type `unsigned char` or `unsigned short`, the result shall be immediately cast to the underlying type of the operand Rule 12.9 (required): The unary minus operator shall not be applied to an expression whose underlying type is unsigned
MITRE CWE	CWE-192, Integer coercion error CWE-197, Numeric truncation error CWE-681, Incorrect conversion between numeric types

[Dowd 2006]	Chapter 6, "C Language Issues" ("Type Conversions," pp. 223–270)
[ISO/IEC 9899:2011]	Section 6.3.1.3, "Signed and Unsigned Integers"
[Seacord 2005a]	Chapter 5, "Integers"
[Viega 2005]	Section 5.2.9, "Truncation Error" Section 5.2.10, "Sign Extension Error" Section 5.2.11, "Signed to Unsigned Conversion Error" Section 5.2.12, "Unsigned to Signed Conversion Error"
[Warren 2002]	Chapter 2, "Basics"
[xorl 2009]	"CVE-2009-1376: Pidgin MSN SLP Integer Truncation"

...