...
This noncompliant code example is taken from a vulnerability in bash versions 1.14.6 and earlier that resulted in the release of CERT Advisory CA-1996-22. This vulnerability resulted from the sign extension of character data referenced by the string pointer in the yy_string_get() function in the parse.y module of the bash source code:
...
This example, however, is in violation of STR04-C. Use plain char for characters in the basic character set.
Compliant Solution
In this compliant solution, the result of the expression *string++ is cast to (unsigned char) before assignment to the int variable c.
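The two forms side by side, as an added example that is not the bash source: `get_noncompliant`, `get_compliant`, `count_until_eof` and the sample input are hypothetical names and constructed data. Where plain char is signed and EOF is -1, the byte 0xFF read without the cast is indistinguishable from EOF, so the reader stops early.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed input: 'a', the byte 0xFF (octal 377), 'b'. */
static const char SAMPLE[] = "a\377b";

/* Noncompliant shape: on a signed-char platform 0xFF converts to int -1. */
static int get_noncompliant(const char **sp) {
    const char *string = *sp;
    int c = EOF;
    if (string && *string) {
        c = *string++;                 /* sign extension happens here */
        *sp = string;
    }
    return c;
}

/* Compliant shape: the cast keeps the result in 0..UCHAR_MAX. */
static int get_compliant(const char **sp) {
    const char *string = *sp;
    int c = EOF;
    if (string && *string) {
        c = (unsigned char)*string++;
        *sp = string;
    }
    return c;
}

/* Number of characters delivered before the reader reports EOF. */
static size_t count_until_eof(int (*get)(const char **), const char *input) {
    size_t n = 0;
    while (get(&input) != EOF)
        n++;
    return n;
}

int main(void) {
    printf("plain char is %s\n", CHAR_MIN < 0 ? "signed" : "unsigned");
    printf("noncompliant reader delivered %zu of 3 characters\n",
           count_until_eof(get_noncompliant, SAMPLE));
    printf("compliant reader delivered %zu of 3 characters\n",
           count_until_eof(get_compliant, SAMPLE));
    return 0;
}
```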
...
In this noncompliant example, the result of the cast of *s to unsigned int may result in a value in excess of UCHAR_MAX because of integer promotions, consequently causing the function to violate the guideline "Guarantee that array indices are within the valid range" (marked VOID), leading to undefined behavior.
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | 434 S | Fully implemented. |
| Fortify SCA | V. 5.0 | | Can detect violations of this rule with CERT C Rule Pack. |
| Compass/ROSE | | | Can detect violations of this rule when checking for violations of INT07-C. Use only explicitly signed or unsigned char type for numeric values. |
| GCC | 2.95 and later | | Detects objects of type |
| | | charcast | Fully implemented. |
| PRQA QA·CQA-C | | | Fully implemented |
...
ISO/IEC TR 17961 (Draft) Conversion of signed characters to wider integer types before a check for EOF [signconv]
MISRA Rule 6.1, "The plain char type shall be used only for the storage and use of character values"
MITRE CWE: CWE-704, "Incorrect type conversion or cast"
Bibliography
[xorl 2009] CVE-2009-0887: Linux-PAM Signedness Issue
...