...
This noncompliant code example, taken adapted from the Cryptography Services blog, demonstrates how signed overflow can occur even when it seems that only unsigned types are in use:
...
On implementations where short is 16 bits wide and int is 32 bits wide, the program results in undefined behavior due to signed overflow. This is because the unsigned shorts become signed when they are automatically promoted to integer. Finally, and their mathematical product 2250000000 product (2250000000) is greater than 2147483647 (aka than the largest signed 32-bit integer (231 - 1) , which is the largest signed 32-bit integer2147483647).
Compliant Solution
In this compliant solution, by manually casting one of the operands to unsigned int, the multiplication will be unsigned and so will not result in undefined behavior:
...