...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship
---|---|---
CERT C Coding Standard | DCL03-C. Use a static assertion to test the value of a constant expression | Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C | INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size | Prior to 2018-01-12: CERT: Unspecified Relationship
CERT C | FIO34-C. Distinguish between characters read from a file and EOF or WEOF | Prior to 2018-01-12: CERT: Unspecified Relationship
CERT Oracle Secure Coding Standard for Java | NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013 | Numeric Conversion Errors [FLC] | Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012 | Rule 10.1 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012 | Rule 10.3 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012 | Rule 10.4 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012 | Rule 10.6 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012 | Rule 10.7 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11 | CWE-192, Integer Coercion Error | 2017-07-17: CERT: Exact
CWE 2.11 | CWE-197, Numeric Truncation Error | 2017-06-14: CERT: Rule subset of CWE
CWE 2.11 | CWE-681, Incorrect Conversion between Numeric Types | 2017-07-17: CERT: Rule subset of CWE
CWE 2.11 | CWE-704 | 2017-07-17: CERT: Rule subset of CWE
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-195 and INT31-C
CWE-195 = Subset( CWE-192)
INT31-C = Union( CWE-195, list) where list =
- Unsigned-to-signed conversion error
- Truncation that does not change sign
CWE-197 and INT31-C
See CWE-197 and FLP34-C
CWE-194 and INT31-C
CWE-194 = Subset( CWE-192)
INT31-C = Union( CWE-194, list) where list =
- Integer conversion that truncates significant data, but without loss of sign
CWE-20 and INT31-C
See CWE-20 and ERR34-C
CWE-704 and INT31-C
CWE-704 = Union( INT31-C, list) where list =
- Improper type casts where either the source or target type is not an integral type
CWE-681 and INT31-C
CWE-681 = Union( INT31-C, FLP34-C)
Intersection( INT31-C, FLP34-C) = Ø
Bibliography
[Dowd 2006] | Chapter 6, "C Language Issues" ("Type Conversions," pp. 223–270) |
[ISO/IEC 9899:2011] | 6.3.1.3, "Signed and Unsigned Integers" |
[Jones 2008] | Section 6.2.6.2, "Integer Types" |
[Seacord 2013b] | Chapter 5, "Integer Security" |
[Viega 2005] | Section 5.2.9, "Truncation Error"; Section 5.2.10, "Sign Extension Error"; Section 5.2.11, "Signed to Unsigned Conversion Error"; Section 5.2.12, "Unsigned to Signed Conversion Error" |
[Warren 2002] | Chapter 2, "Basics" |
[xorl 2009] | "CVE-2009-1376: Pidgin MSN SLP Integer Truncation" |
...