...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <assert.h>
#include <stdint.h>
void h(void) {
intptr_t i = (intptr_t)(void *)&i;
uintptr_t j = (uintptr_t)(void *)&j;
void *ip = (void *)i;
void *jp = (void *)j;
assert(ip == &i);
assert(jp == &j);
}
|
INT36-C-EX3: An integer may be converted to a void* and back as long as the pointer is not dereferenced, and the integer is in range (that is, the appropriate range for an intptr_t or uintptr_t).
The following POSIX code passes an integer, cast as a void* to a thread, and the thread prints the integer.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
#include <pthread.h>
void *print_int(void *ptr) {
intptr_t i = (intptr_t) ptr;
printf("The number is %jd\n", i);
return NULL;
}
int main(void) {
pthread_t thr1;
intptr_t i = 123;
int result;
if ((result = pthread_create(&thr1, NULL, print_int, (void *)i)) != 0) {
/* Handle error */
}
pthread_exit(NULL);
return 0;
}
|
Risk Assessment
Converting from pointer to integer or vice versa results in code that is not portable and may create unexpected pointers to invalid memory locations.
Rule | Severity | Likelihood | Detectable | Remediation CostRepairable | Priority | Level |
|---|---|---|---|---|---|---|
INT36-C | Low | Probable | Yes | NoHigh | P2P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| pointer-integral-cast pointer-integral-cast-implicit function-pointer-integer-cast function-pointer-integer-cast-implicit | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-INT36 | Fully implemented | ||||||
| Clang |
| -Wint-to-pointer-cast, -Wint-conversion | Can detect some instances of this rule, but does not detect all | ||||||
| CodeSonar |
| LANG.CAST.PC.CONST2PTR LANG.CAST.PC.INT PARSE.PCLB PARSE.PCTSSI | Conversion: integer constant to pointer Conversion: pointer/integer Pointer conversion loses bits Pointer conversion to same size integer | ||||||
| Compass/ROSE | |||||||||
| Coverity |
| PW.POINTER_CONVERSION_LOSES_BITS | Fully implemented | ||||||
| Cppcheck Premium |
| premium-cert-int36-c | |||||||
| Helix QAC |
| C0303, C0305, C0306, C0309, C0324, C0326, C0360, C0361, C0362 C++3040, C++3041, C++3042, C++3043, C++3044, C++3045, C++3046, C++3047, C++3048 | |||||||
| Klocwork |
| MISRA.CAST.OBJ_PTR_TO_INT.2012 | |||||||
| LDRA tool suite |
| 439 S, 440 S | Fully implemented | ||||||
| Parasoft C/C++test |
| CERT_C-INT36-b | A conversion should not be performed between a pointer to object type and an integer type other than 'uintptr_t' or 'intptr_t' | ||||||
| PC-lint Plus |
| 4287 | Partially supported: reports casts from pointer types to smaller integer types which lose information | ||||||
| Polyspace Bug Finder |
| Checks for unsafe conversion between pointer and integer (rule partially covered) | |||||||
| PVS-Studio |
| V527, V528, V542, V566, V601, V647, V1091 | |||||||
| RuleChecker |
| pointer-integral-cast pointer-integral-cast-implicit function-pointer-integer-cast function-pointer-integer-cast-implicit | Fully checked | ||||||
| Security Reviewer - Static Reviewer |
| CPP_05 | Fully implemented | ||||||
| SonarQube C/C++ Plugin |
| S1767 | Partially implemented |
...
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | INT11-CPP. Take care when converting from pointer to integer or integer to pointer | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TR 24772:2013 | Pointer Casting and Pointer Type Changes [HFC] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961:2013 | Converting a pointer to integer or integer to pointer [intptrconv] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-587, Assignment of a Fixed Address to a Pointer | 2017-07-07: CERT: Partial overlap |
| CWE 2.11 | CWE-704 | 2017-06-14: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-758 | 2017-07-07: CERT: Rule subset of CWE |
| CWE 3.1 | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer | 2018-10-19:CERT:None |
| CWE 3.1 | CWE-466, Return of Pointer Value Outside of Expected Range | 2018-10-19:CERT:None |
CERT-CWE Mapping Notes
Key here for mapping notes
...
Intersection(INT36-C,CWE-466) = ∅
Intersection(INT36-C,CWE-466) = ∅
An example explaining the above two equations follows:
static char x[3];
char* foo() {
...