...
Type range errors, including loss of data (truncation) and loss of sign (sign errors), can occur when converting from an unsigned type to a signed type. The following non-compliant code example results in a truncation error on most implementations.
...
Type range errors, including loss of data (truncation) and loss of sign (sign errors), can occur when converting from a signed type to an unsigned type. The following code results in a loss of sign.
...
A loss of data (truncation) can occur when converting from a signed type to a signed type with less precision. The following code results can result in a truncation error on most implementations.
| Code Block | ||
|---|---|---|
| ||
signed long int sl = LONG_MAX; signed char sc; sc = (signed char)sl; /* cast eliminates warning */ |
...
INT31-EX1: C99 defines minimum ranges for standard integer types. For example, the minimum range for an object of type unsigned short int is 0 to 65,535, while the minimum range for int is -32,767 to +32,767. This means that it is not always possible to represent all possible values of an unsigned short int as an int. However, on the IA-32 architecture, for example, the actual integer range is from -2,147,483,648 to +2,147,483,647, meaning that is quite possible to represent all the values of an unsigned short int as an int on for this platformarchitecture. As a result, it is not necessary to provide a test for this conversion on IA-32. It is not possible to make assumptions about conversions without knowing the precision of the underlying types. If these tests are not provided, assumptions concerning precision must be clearly documented, as the resulting code cannot be safely ported to a system where these assumptions are invalid. A good way to document these assumptions is by using static assertions (see DCL03-A. Use a static assertion to test the value of a constant expression).
Risk Assessment
Integer truncation errors can lead to buffer overflows and the execution of arbitrary code by an attacker.
...