Platform dependencies may be introduced to improve performance on a particular platform. This can be a dangerous practice, particularly if these dependencies are not appropriately documented during development and addressed during porting. Platform dependencies that have no performance or other benefits should consequently be avoided, as they may introduce errors during porting.
Most legitimate platform dependencies can and should be isolated in separate modules that use portable interfaces but platform-specific implementations.
Non-Compliant Coding Example
This non-compliant coding example uses the complement operator in the test for unsigned integer overflow.

```c
unsigned int ui1, ui2, sum;

if (~ui1 < ui2) {
  /* handle error condition */
}
sum = ui1 + ui2;
```
This code assumes that the implementation uses two's complement representation. This assumption is commonly true, but not guaranteed by the standard.
This solution also violates INT14-A. Distinguish bitmaps from numeric types.
Compliant Solution
This compliant solution implements a strictly conforming test for unsigned overflow.
```c
#include <limits.h>  /* UINT_MAX */

unsigned int ui1, ui2, sum;

if (UINT_MAX - ui1 < ui2) {
  /* handle error condition */
}
sum = ui1 + ui2;
```
If the non-compliant form of this test is truly faster, talk to your compiler vendor, because if these tests are equivalent then optimization should occur. If both forms have the same performance, prefer the portable form.
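One way to follow the advice above, isolating a platform dependency behind a portable interface and keeping the strictly conforming test as the reference, shown as an added example that is not part of the original page. The names `checked_uadd`, `uadd_portable`, `checked_uadd_selftest` and `HAVE_ADD_OVERFLOW_BUILTIN` are hypothetical; `__builtin_add_overflow` is the GCC/Clang builtin and is assumed to be the platform-specific fast path.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>

/* Strictly conforming implementation: the page's compliant test. */
static bool uadd_portable(unsigned int a, unsigned int b, unsigned int *sum) {
    if (UINT_MAX - a < b) return false;   /* a + b would wrap */
    *sum = a + b;
    return true;
}

/* Documented platform dependency: GCC/Clang overflow builtin, when present. */
#if defined(__has_builtin)
#  if __has_builtin(__builtin_add_overflow)
#    define HAVE_ADD_OVERFLOW_BUILTIN 1
#  endif
#elif defined(__GNUC__) && __GNUC__ >= 5
#  define HAVE_ADD_OVERFLOW_BUILTIN 1
#endif

/* Portable interface (hypothetical name). Returns true when a + b fits;
 * *sum is meaningful only in that case. */
bool checked_uadd(unsigned int a, unsigned int b, unsigned int *sum) {
#ifdef HAVE_ADD_OVERFLOW_BUILTIN
    return !__builtin_add_overflow(a, b, sum);
#else
    return uadd_portable(a, b, sum);
#endif
}

/* Porting check: counts boundary inputs on which the selected implementation
 * disagrees with the portable one (0 means they agree). */
int checked_uadd_selftest(void) {
    static const unsigned int v[] = { 0u, 1u, UINT_MAX / 2u,
        UINT_MAX / 2u + 1u, UINT_MAX - 1u, UINT_MAX };
    const size_t n = sizeof v / sizeof v[0];
    int bad = 0;
    for (size_t i = 0; i < n * n; i++) {
        unsigned int a = v[i / n], b = v[i % n], s1 = 0, s2 = 0;
        bool ok1 = checked_uadd(a, b, &s1);
        bool ok2 = uadd_portable(a, b, &s2);
        if (ok1 != ok2 || (ok1 && s1 != s2)) bad++;
    }
    return bad;
}

int main(void) {
    return checked_uadd_selftest() == 0 ? 0 : 1;
}
```

Running the self-test on each new target during porting turns the platform dependency into a checked assumption rather than an undocumented one.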
Risk Assessment
Unused values may indicate significant logic errors, possibly resulting in a denial of service condition.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC14-A | low | unlikely | medium | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.