Integer values that originate from untrusted sources must be guaranteed correct if they are used in any of the following ways:
- as an array index
- in any pointer arithmetic
- as a length or size of an object
- as the bound of an array (for example, a loop counter)
- as an argument to a memory allocation function
- in security-critical code
Integer values can be invalidated by exceptional conditions such as overflow, truncation, or sign error, leading to exploitable vulnerabilities. Failure to provide proper range checking can also lead to exploitable vulnerabilities.
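The following is an added example, not code from the standard itself, showing how an untrusted count string is parsed and range-checked before it is used as an allocation size, so that overflow, trailing garbage, sign error, and truncation are each rejected before the value reaches malloc(). MAX_ELEMENTS is an assumed policy limit.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed application policy: the largest element count we will accept. */
#define MAX_ELEMENTS 1024u

/* Parse a count from untrusted text and confine it to [0, MAX_ELEMENTS].
 * Returns 0 on success and -1 on any failure: overflow of long (ERANGE),
 * trailing non-numeric characters, a negative value (sign error), or a
 * value above the policy limit. *out is written only when the input is valid. */
int parse_count(const char *text, size_t *out)
{
    char *end;
    long value;

    if (text == NULL || out == NULL || *text == '\0') return -1;

    errno = 0;
    value = strtol(text, &end, 10);
    if (errno == ERANGE) return -1;                      /* overflowed long */
    if (*end != '\0') return -1;                         /* trailing garbage */
    if (value < 0) return -1;                            /* sign error */
    if ((unsigned long)value > MAX_ELEMENTS) return -1;  /* exceeds policy bound */

    *out = (size_t)value;   /* safe: 0 <= value <= MAX_ELEMENTS fits in size_t */
    return 0;
}

/* Compute n * elem_size without wrapping. Returns 0 and sets *bytes on
 * success, -1 when the product would exceed SIZE_MAX. */
int checked_mul_size(size_t n, size_t elem_size, size_t *bytes)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size) return -1;
    *bytes = n * elem_size;
    return 0;
}

/* Allocate an int buffer sized by an untrusted count string; NULL on any
 * validation or allocation failure. Both checks run before malloc() is called. */
int *alloc_from_untrusted(const char *text)
{
    size_t n, bytes;

    if (parse_count(text, &n) != 0) return NULL;
    if (checked_mul_size(n, sizeof(int), &bytes) != 0) return NULL;
    return (int *)malloc(bytes == 0 ? 1 : bytes);
}
```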
Recommendations
INT00-A. Understand the data model used by your implementation(s)
...