...
These checks can be simplified when the original type is char. Because the range of type char includes only positive values, all comparisons with negative values may be omitted.
Noncompliant Code Example
Either operation in this noncompliant code example could produce a result that overflows the range of int. When overflow occurs, the result will be incorrect.
...
| Code Block | ||
|---|---|---|
| ||
private static final BigInteger bigMaxInt = BigInteger.valueOf(Integer.MAX_VALUE);
private static final BigInteger bigMinInt = BigInteger.valueOf(Integer.MIN_VALUE);
public static BigInteger intRangeCheck(BigInteger val) throws ArithmeticException {
if (val.compareTo(bigMaxInt) == 1 ||
val.compareTo(bigMinInt) == -1) {
throw new ArithmeticException("Integer overflow");
}
return val;
}
public static int multAccum(int oldAcc, int newVal, int scale) throws ArithmeticException {
BigInteger product =
BigInteger.valueOf(newVal).multiply(BigInteger.valueOf(scale));
BigInteger res = intRangeCheck(BigInteger.valueOf(oldAcc).add(product));
return res.intValue(); // safe conversion
}
|
Noncompliant Code Example (AtomicInteger)
Operations on objects of type AtomicInteger suffer from the same overflow issues as other integer types. The solutions are generally similar to the solutions already presented; however, concurrency issues add additional complications. First, potential issues with time-of-check-time-of-use must be avoided; see rule VNA02-J. Ensure that compound operations on shared variables are atomic for more information. Second, use of an AtomicInteger creates happens-before relationships between the various threads that access it. Consequently, changes to the number of accesses or order of accesses can alter the execution of the overall program. In such cases, you must either choose to accept the altered execution or carefully craft the implementation of your compliant technique to preserve the exact number of accesses and order of accesses to the AtomicInteger.
...
INT32-C. Ensure that operations on signed integers do not result in overflow | ||||
INT32-CPP. Ensure that operations on signed integers do not result in overflow | ||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b9028605e8ace00c-da94642b-4cd1458e-9b0394aa-18684c99c2cc1e22cdd33487"><ac:plain-text-body><![CDATA[ | [ISO/IEC TR 24772:2010 | http://www.aitcnet.org/isai/] | "Wrap-around Error [XYY]" | ]]></ac:plain-text-body></ac:structured-macro> |
CWE-682, "Incorrect Calculation" | ||||
| CWE-190, "Integer Overflow or Wraparound" | |||
| CWE-191, "Integer Underflow (Wrap or Wraparound)" |
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e93db65f752d560b-6e1a021d-44904f03-81e7a203-b5c0ae91dc0bb55da7f03457"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | class [ | http://download.oracle.com/javase/6/docs/api/java/util/concurrent/atomic/AtomicInteger.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="af5f9e886c156dad-6cf453e4-407f4a96-af5eb914-e38230fbc4006af2bc8ccd30"><ac:plain-text-body><![CDATA[ | [[Bloch 2005 | AA. Bibliography#Bloch 05]] | Puzzle 27: Shifty i's | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="659fcaf17db41710-9fdd2ac8-45e2405c-bfa5af5d-b2e8a066a1ed5042d8c971e3"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [§4.2.2, "Integer Operations" | http://java.sun.com/docs/books/jls/third_edition/html/typesValues.html#4.2.2] | ]]></ac:plain-text-body></ac:structured-macro> |
| |||||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="da2d77f7bee8e483-6e87d76a-4afb4233-b39ea398-cb533b21e9a1930d474826a2"><ac:plain-text-body><![CDATA[ | [[Seacord 2005 | AA. Bibliography#Seacord 05]] | Chapter 5. Integers | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f7c24e21685b8d8d-3a65f174-43404d2d-bef3a069-f78572d7f504fb4cbb971826"><ac:plain-text-body><![CDATA[ | [[Tutorials 2008 | AA. Bibliography#Tutorials 08]] | Primitive Data Types | ]]></ac:plain-text-body></ac:structured-macro> |
...