
...
Misunderstanding integer conversion rules can lead to errors, which in turn can lead to exploitable vulnerabilities. The major risks occur when narrowing the type (which requires a specific cast or assignment), converting from unsigned to signed, or converting from negative to unsigned.
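The three conversion risks named above, shown side by side with range-checked alternatives. This is an added C example, not part of the original page; all function names are hypothetical, and the narrowing result assumes the usual 8-bit `unsigned char`.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Narrowing: conversion to unsigned char keeps the value modulo UCHAR_MAX + 1. */
unsigned char narrow_unchecked(int v) { return (unsigned char)v; }

/* Range-checked narrowing: returns the value, or -1 if it does not fit. */
int narrow_checked(int v) { return (v < 0 || v > UCHAR_MAX) ? -1 : v; }

/* Negative to unsigned: in a mixed comparison the int operand is converted
 * to unsigned int. The cast spells out what `a < b` does implicitly. */
bool mixed_less(int a, unsigned int b) { return (unsigned int)a < b; }

/* Value-preserving comparison of the same operands. */
bool safe_less(int a, unsigned int b) { return a < 0 || (unsigned int)a < b; }

/* Flawed length check: the signed test lets a negative len through, and the
 * conversion to size_t (as at a memcpy() call) turns it into a huge count. */
size_t copy_len_flawed(int len, int cap) {
    if (len > cap) return 0;          /* -1 > 64 is false, so no rejection */
    return (size_t)len;               /* -1 becomes SIZE_MAX */
}

/* Checked form: reject negatives before any conversion to an unsigned type. */
bool copy_len_ok(int len, size_t cap) { return len >= 0 && (size_t)len <= cap; }

/* Unsigned to signed: values above INT_MAX are not representable in int. */
bool fits_int(unsigned int u) { return u <= (unsigned int)INT_MAX; }

int main(void) {
    printf("narrow 300 -> %u (checked: %d)\n",
           (unsigned)narrow_unchecked(300), narrow_checked(300));
    printf("-1 < 1u: mixed=%d safe=%d\n", mixed_less(-1, 1u), safe_less(-1, 1u));
    printf("flawed len(-1) = %zu, ok=%d\n", copy_len_flawed(-1, 64), copy_len_ok(-1, 64));
    printf("UINT_MAX fits int: %d\n", fits_int(UINT_MAX));
    return 0;
}
```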
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | 52 S | Fully implemented |
| PRQA QA-C | | 0290 | Fully implemented |
Related Vulnerabilities
...
ISO/IEC 9899:2011 Section 6.3, "Conversions"
ISO/IEC TR 24772 "FLC Numeric conversion errors"
MISRA Rules 10.1, 10.3, 10.5, and 12.9
...
MITRE CWE: CWE-197, "Numeric truncation error"
Bibliography
[Dowd 2006] Chapter 6, "C Language Issues" ("Type conversions," pp. 223–270)
[Seacord 2005a] Chapter 5, "Integers"
...