...
GCC has no option to make shifts by a negative amount, or by an amount at or beyond the width of the type, behave predictably or trap; they are always treated as undefined. Processors may reduce the shift amount modulo some quantity larger than the width of the type. For example, 32-bit shifts are implemented using the following instructions on IA-32:
...
where %eax stores the least significant bits of the double word to be shifted and %edx stores the most significant bits.
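Because the hardware result for an out-of-range count is whatever the instruction sequence happens to produce, the only portable fix is to validate the count before shifting. The following is an added example, not code from the CERT page: it checks the shift count against the width of the operand type, computed here as CHAR_BIT * sizeof, which assumes the type has no padding bits (true for unsigned int and unsigned long long on mainstream platforms). The function names are the example's own. It also shows, in shl_uint_wrapping_count, what a caller gets if it emulates the count-masking that processors often perform: shifting by exactly the width returns the value unchanged rather than 0, which is rarely what the surrounding arithmetic expects.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Width in bits of an unsigned object; assumes no padding bits (example assumption). */
#define UNSIGNED_BIT_WIDTH(x) ((unsigned int)(CHAR_BIT * sizeof(x)))

/* Left-shift an unsigned int by n bits, but only if n is strictly less than the
 * width of the type. Returns false (and leaves *out untouched) otherwise, which
 * is the condition the C standard leaves undefined. */
bool shl_uint_checked(unsigned int value, unsigned int n, unsigned int *out)
{
    if (n >= UNSIGNED_BIT_WIDTH(value)) {
        return false;
    }
    *out = value << n;
    return true;
}

/* Right-shift an unsigned long long by a signed count. A negative count is
 * rejected explicitly rather than being converted to a huge unsigned value
 * and then rejected by the width test, so both failure modes are visible. */
bool shr_ull_checked(unsigned long long value, int n, unsigned long long *out)
{
    if (n < 0) {
        return false;
    }
    if ((unsigned int)n >= UNSIGNED_BIT_WIDTH(value)) {
        return false;
    }
    *out = value >> n;
    return true;
}

/* Emulates the count masking that many processors apply (count modulo width).
 * This is well defined in C because the reduced count is always in range, but
 * note the surprising result: a shift by the full width leaves value unchanged. */
unsigned int shl_uint_wrapping_count(unsigned int value, unsigned int n)
{
    return value << (n % UNSIGNED_BIT_WIDTH(value));
}

int main(void)
{
    unsigned int width = UNSIGNED_BIT_WIDTH(width);
    unsigned int r = 0;
    unsigned long long rll = 0;

    printf("width of unsigned int: %u bits\n", width);
    printf("1u << 3 checked: %s, result %u\n",
           shl_uint_checked(1u, 3u, &r) ? "ok" : "rejected", r);
    printf("1u << %u checked: %s\n", width,
           shl_uint_checked(1u, width, &r) ? "ok" : "rejected");
    printf("5u << %u with masked count: %u (not 0)\n", width,
           shl_uint_wrapping_count(5u, width));
    printf("8ull >> -1 checked: %s\n",
           shr_ull_checked(8ull, -1, &rll) ? "ok" : "rejected");
    return 0;
}
```

Validating before shifting is the compliant form of INT34-C; relying on the masked-count behaviour, even where the target processor is known, is not, because the compiler is entitled to assume the count is in range when it optimizes.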
Risk Assessment
Improper range checking can lead to buffer overflows and the execution of arbitrary code by an attacker. Although shifting by a negative number of bits, or by more bits than exist in the operand, is undefined behavior in C99, the risk is generally low because processors frequently reduce the shift amount modulo the width of the type. That hardware behavior is not a safeguard, however: the compiler may assume the shift count is in range when it optimizes, so the result of an out-of-range shift need not match what the processor would compute for the same instruction.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT34-C | low (earlier revision: high) | low (earlier revision: probable) | medium | P2 (earlier revision: P12) | L3 (earlier revision: L1) |
Automated Detection
Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this rule.
...