...
This noncompliant code may result in a truncation of the value of i1 when converted to type et1, resulting in execution of either case E_A or E_B instead of default.
```cpp
enum et1 {
  E_A,
  E_B
};

int i1 = 5;

/* Noncompliant: 5 is not a value of et1, and the cast is unchecked */
switch (static_cast<et1>(i1)) {
  case E_A:
    /* some action A */
    break;
  case E_B:
    /* some action B */
    break;
  default:
    /* error condition */
    break;
}
```
GCC 4.4.3 executes case E_A, and Microsoft VS2008 executes neither case, in this noncompliant example.
Compliant Code Example (Switch-statement)
...
```cpp
enum et1 {
  E_A,
  E_B
};

int i1 = 5;

/* Check the range before the cast, so the cast only sees valid values */
if (i1 < E_A || i1 > E_B) {
  /* error condition */
} else {
  switch (static_cast<et1>(i1)) {
    case E_A:
      /* some action A */
      break;
    case E_B:
      /* some action B */
      break;
    default:
      /* error condition */
      break;
  }
}
```
Noncompliant Code Example (For-loop)
...
Unexpected behavior can lead to a buffer overflow and the execution of arbitrary code by an attacker. This is most likely when a program checks the value correctly in one place and then fails to check it later. Such a situation could allow an attacker to bypass verification of, for example, a buffer's length.
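One way to avoid checking in one place and forgetting in another is to route every conversion through a single checked function. The following is an added example, not code from the original rule; the names to_et1, label_of, dispatch and kLabels are hypothetical, and the array lookup is an assumed use of the enumeration as an index.

```cpp
#include <cstddef>
#include <iostream>

enum et1 {
  E_A,
  E_B
};

// Labels indexed by et1; an out-of-range index would read past the array.
static const char *const kLabels[] = { "action A", "action B" };

// Hypothetical helper: the single place where an int becomes an et1.
// Returns false and leaves 'out' untouched when 'value' is not an enumerator.
bool to_et1(int value, et1 &out) {
  if (value < E_A || value > E_B) { return false; }
  out = static_cast<et1>(value);  // safe: range was checked above
  return true;
}

// Returns the label for a raw value, or NULL for an invalid one.
const char *label_of(int raw) {
  et1 e = E_A;
  if (!to_et1(raw, e)) { return NULL; }
  return kLabels[e];
}

// Returns 'A' or 'B' for valid values and 'X' for the error condition.
char dispatch(int raw) {
  et1 e = E_A;
  if (!to_et1(raw, e)) { return 'X'; }
  switch (e) {
    case E_A: return 'A';
    case E_B: return 'B';
  }
  return 'X';  // not reached for validated values
}

int main() {
  const int samples[] = { 0, 1, 5, -1 };  // constructed inputs
  for (std::size_t i = 0; i < sizeof samples / sizeof samples[0]; ++i) {
    const char *label = label_of(samples[i]);
    std::cout << samples[i] << " -> " << dispatch(samples[i]) << " "
              << (label ? label : "(rejected)") << std::endl;
  }
  return 0;
}
```

Because both the switch and the array lookup obtain their et1 from to_et1, neither can be reached with a value that skipped the range check.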
Automated detection should be possible for most cases, but a tool might not be able to determine whether the value is guaranteed to be in range.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT36-CPP | high | probable | high | P6 | L2 |
...