...
Unsigned integers can be allowed to exhibit modulo behavior if and only if
- the variable declaration is clearly commented as supporting modulo behavior
- each operation on that integer is also clearly commented as supporting modulo behavior
- if the integer exhibiting modulo behavior contributes to the value of an integer not marked as exhibiting modulo behavior, the resulting integer must obey this rule.
Consequences
Improper range checking can lead to buffer overflows and the execution of arbitary code by an attacker.
References
- Seacord 05 Chapter 5 Integers