SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 77

changes.mady.by.user Melanie Thompson

Saved on

compared with

New Version 78

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
Conversions can occur explicitly as the result of a cast or implicitly as required by an operation. While conversions are generally required for the correct execution of a program, they can also lead to lost or misinterpreted data.  Conversion of an operand value to a compatible type causes no change to the value or the representation \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\].

...

Integer promotions require the promotion of each variable (c1 and c2) to int size. The two int values are added and the sum truncated to fit into the char type. Integer promotions are performed to avoid arithmetic errors resulting from the overflow of intermediate values. For example:

Code Block
signed char cresult, c1, c2, c3;
c1 = 100;
c2 = 3;
c3 = 4;
cresult = c1 * c2 / c3;

...

Every integer type has an integer conversion rank that determines how conversions are performed. The ranking is based on the concept that each integer type contains at least as many bits as the types ranked below it. The following rules for determining integer conversion rank are defined in C99:\

  • No two different signed integer types have the same rank, even if they have the same representation.
  • The rank of a signed integer type is greater than the rank of any signed integer type with less precision.
  • The rank of long long int is greater than the rank of long int, which is greater than the rank of int, which is greater than the rank of short int, which is greater than the rank of signed char.
  • The rank of any unsigned integer type is equal to the rank of the corresponding signed integer type, if any.
  • The rank of any standard integer type is greater than the rank of any extended integer type with the same width.
  • The rank of char is equal to the rank of signed char and unsigned char.
  • The rank of any extended signed integer type relative to another extended signed integer type with the same precision is implementation defined but still subject to the other rules for determining the integer conversion rank.
  • For all integer types T1, T2, and T3, if T1 has greater rank than T2, and T2 has greater rank than T3, then T1 has greater rank than T3.

...

Noncompliant Code Example (Comparison)

Care The program must be taken careful when performing operations on mixed types. This noncompliant code example shows an idiosyncrasy of integer promotions.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: INT02-CPP. Understand integer conversion rules

Bibliography

unmigrated-wiki-markup

\[[Dowd 2006|AA. Bibliography#Dowd 06]\] Chapter 6, "C Language Issues" (Type Conversions 223—270) \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.3, "Conversions" \[[

ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] TR 24772 "FLC Numeric Conversion Errors" \[[MISRA 2004|AA. Bibliography#MISRA 04]\]

MISRA Rules Rules 10.1, 10.3, 10.5, and 12.9

MITRE CWE: CWE-192, "Integer Coercion Error"

MITRE CWE: CWE-197, "Numeric Truncation Error"

Bibliography

Wiki Markup

\[[MITREDowd 20072006|AA. Bibliography#MITREBibliography#Dowd 0706]\] [CWE ID 192|http://cwe.mitre.org/data/definitions/192.html]Chapter 6, "IntegerC CoercionLanguage ErrorIssues"; [CWE(Type ID 197|http://cwe.mitre.org/data/definitions/197.html], "Numeric Truncation Error"Conversions 223—270)
\[[Seacord 2005a|AA. Bibliography#Seacord 05]\] Chapter 5, "Integers"

...