...
However, this noncompliant code example violates INT01-C. Use rsizesize_t or sizersize_t for all integer values representing the size of an object. There is also a possibility that (index + 1) could result in a signed integer overflow in violation of INT32-C. Ensure that operations on signed integers do not result in overflow.
...
Recommendation | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
INT10-C | High | Unlikely | No | HighNo | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Compass/ROSE | Could detect the specific noncompliant code example. It could identify when the result of a % operation might be negative and flag usage of that result in an array index. It could conceivably flag usage of any such result without first checking that the result is positive, but it would likely introduce many false positives | ||||||||
| Helix QAC |
| C3103 | |||||||
| LDRA tool suite |
| 584 S | Fully implemented | ||||||
| Parasoft C/C++test |
| CERT_C-INT10-a | The operands of the remainder operator '%' should be of unsigned integer types | ||||||
| Polyspace Bug Finder |
| Checks for tainted modulo operand (rec. fully covered) |
...