...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| INT35-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported: Astrée reports overflows due to insufficient precision. |
| Parasoft C/C++test | | CERT_C-INT35-a | Use correct integer precisions when checking the right hand operand of the shift operator |
| PRQA QA-C | 9.2 | 1820, 1821, 1822, 1823, 1824, 1840, 1841, 1842, 1843, 1844, 1850, 1851, 1852, 1853, 1854 | Partially implemented |
Related Guidelines
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CWE 2.11 | CWE-681, Incorrect Conversion between Numeric Types | 2017-10-30:MITRE:Unspecified Relationship 2018-10-18:CERT:Partial Overlap |
CERT-CWE Mapping Notes
CWE-190 and INT35-C
Intersection(INT35-C, CWE-190) = Ø
INT35-C used to map to CWE-190 but has been replaced with a new rule that has no overlap with CWE-190.
CWE-681 and INT35-C
Intersection(INT35-C, CWE-681) = due to incorrect use of integer precision, conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values
CWE-681 - INT35-C = list1, where list1 =
- incorrect use of integer precision not related to conversion from one data type to another
list2, where list2 =
- conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values, not involving incorrect use of integer precision
Bibliography
| [Dowd 2006] | Chapter 6, "C Language Issues" |
| [C99 Rationale 2003] | 6.5.7, "Bitwise Shift Operators" |
...