...
This is a similar issue to the signedness of plain char, discussed in guideline INT07-C. Use only explicitly signed or unsigned char type for numeric values. A plain int bit-field that is treated as unsigned will promote to int, as long as its field width is less than that of int, because int can hold all values of the original type. This is the same behavior as that of a plain char treated as unsigned. However, a plain int bit-field treated as unsigned will promote to unsigned int, if its field width is the same as that of int. This difference makes a plain int bit-field even trickier than a plain char.
Bit-field types other than _Bool, int, signed int, and unsigned int are implementation defined. They still obey the integer promotions quoted above when the specified width is at least as narrow as CHAR_BIT*sizeof(int), but wider bit-fields are not portable.
...
This noncompliant code depends on implementation-defined behavior. It prints either -1 or 255, depending on whether a plain int bit-field is signed or unsigned.
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT12-C | low | unlikely | medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
|
...
|
|
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as : INT12-CPP. Do not make assumptions about the type of a plain int bit-field when used in an expression.
Bibliography
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.7.2, "Type specifiers" \[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "STR Bit Representations" \[[MISRA 042004|AA. Bibliography#MISRA 04]\] Rule 12.7 |
...