...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT35-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported: Astrée reports overflows due to insufficient precision. | |||||||
CodeSonar |
| LANG.ARITH.BIGSHIFT | Shift Amount Exceeds Bit Width | ||||||
Cppcheck Premium |
| premium-cert-int35-c | Fully implemented | ||||||
Helix QAC |
| C0582 C++3115 | |||||||
Parasoft C/C++test |
| CERT_C-INT35-a | Use correct integer precisions when checking the right hand operand of the shift operator | ||||||
Polyspace Bug Finder |
| CERT C: Rule INT35-C | Checks for situations when integer precisions are exceeded (rule fully covered) |
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CWE 2.11 | CWE-681, Incorrect Conversion between Numeric Types | 2017-10-30:MITRE:Unspecified Relationship 2018-10-18:CERT:Partial Overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-190 and INT35-C
Intersection( INT35-C, CWE-190) = Ø
INT35-C used to map to CWE-190 but has been replaced with a new rule that has no overlap with CWE-190.
CWE-681 and INT35-C
Intersection(INT35-C, CWE-681) = due to incorrect use of integer precision, conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values
CWE-681 - INT35-C = list2, where list2 =
- conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values, not involving incorrect use of integer precision
INT35-C - CWE-681= list1, where list1 =
- incorrect use of integer precision not related to conversion from one data type to another
Bibliography
[Dowd 2006] | Chapter 6, "C Language Issues" |
[C99 Rationale 2003] | 6.5.7, "Bitwise Shift Operators" |
...