Page History

...

Most legitimate platform dependencies can and should be isolated in separate modules that use portable interfaces but platform-specific implementations.

...

Noncompliant Code Example

This non-compliant noncompliant code example uses the complement operator in the test for unsigned integer overflow.

...

This code sample also violates INT14-C. Avoid performing bitwise and arithmetic operations on the same data.

Compliant Solution

This compliant solution implements a strictly conforming test for unsigned overflow.

unsigned int ui1, ui2, sum;

if (UINT_MAX - ui1 < ui2) {
  /* handle error condition */
}
sum = ui1 + ui2;

If the non-compliant noncompliant form of this test is truly faster, talk to your compiler vendor, because if these tests are equivalent, optimization should occur. If both forms have the same performance, prefer the portable form.

Risk Assessment

Unnecessary platform dependencies are, by definition, unnecessary. Avoiding these dependencies can eliminate porting errors resulting from invalidated assumptions.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Arithmetic Boundary Conditions, pp. 211-223)
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 3.4.1, "implementation-defined behavior," Section 3.4.4, "unspecified behavior," Appendix J.1, "Unspecified behavior," and Appendix J.3, "Implementation-defined behavior"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "BQF Unspecified Behaviour"
\[[Seacord 05a|AA. C References#Seacord 05]\] Chapter 5, "Integers"

...

      13. Miscellaneous (MSC)       MSC15-A. Do not depend on undefined behavior Image Added