...
This compliant solution performs a postcondition test to ensure that the result of the unsigned addition operation to i is not less than the operand ui1.
```c
#include <stdatomic.h>

atomic_uint i;          /* unsigned, so the addition wraps rather than overflows (no undefined behavior) */
unsigned int ui1;

/* Initialize ui1, i */

atomic_fetch_add(&i, ui1);
if (atomic_load(&i) < ui1) {
  /* handle error condition */
}
```
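The postcondition test above reads the counter back with a second atomic_load, so a store from another thread between the add and the check could hide or fake a wrap. The following added example (my own code, not CERT's; the function names checked_atomic_add, atomic_add_detect_wrap and run_self_check are this example's own) shows two ways around that: a precondition variant that refuses the addition in a compare-and-swap loop when it would wrap, leaving the counter unchanged, and a postcondition variant that tests the pre-add value returned by atomic_fetch_add instead of re-loading the counter.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <limits.h>
#include <stdio.h>

/*
 * Added example (not CERT's code): two ways to keep an atomic unsigned
 * counter from wrapping silently. Function names are this example's own.
 */

/* Precondition variant: add only if the sum fits in unsigned int; on a
 * would-be wrap the counter is left untouched and false is returned. The
 * CAS loop re-checks against whatever value another thread stored meanwhile. */
bool checked_atomic_add(atomic_uint *counter, unsigned int addend) {
    unsigned int old = atomic_load(counter);
    do {
        if (UINT_MAX - old < addend) {
            return false;            /* old + addend would exceed UINT_MAX */
        }
    } while (!atomic_compare_exchange_weak(counter, &old, old + addend));
    return true;
}

/* Postcondition variant in the spirit of the compliant solution, but based on
 * the pre-add value that atomic_fetch_add returns rather than on a second
 * atomic_load, so an update from another thread between the add and the check
 * cannot confuse the test. Returns false if the add wrapped (the counter has
 * already been modified in that case, so the caller must compensate). */
bool atomic_add_detect_wrap(atomic_uint *counter, unsigned int addend) {
    unsigned int old = atomic_fetch_add(counter, addend);
    unsigned int sum = old + addend;  /* unsigned: wraps modulo UINT_MAX + 1, no UB */
    return sum >= old;                /* a wrapped sum is smaller than old */
}

/* Self-check: drives both functions to the UINT_MAX boundary and returns the
 * number of observations that matched expectations (6 when all is well). */
int run_self_check(void) {
    int ok = 0;
    atomic_uint c;
    atomic_init(&c, UINT_MAX - 1u);

    ok += checked_atomic_add(&c, 1u);        /* fits: (UINT_MAX - 1) + 1 */
    ok += (atomic_load(&c) == UINT_MAX);
    ok += !checked_atomic_add(&c, 1u);       /* refused: would wrap */
    ok += (atomic_load(&c) == UINT_MAX);     /* counter unchanged */

    atomic_init(&c, UINT_MAX - 1u);
    ok += atomic_add_detect_wrap(&c, 1u);    /* no wrap */
    ok += !atomic_add_detect_wrap(&c, 1u);   /* wrapped to 0, detected */
    return ok;
}

int main(void) {
    int passed = run_self_check();
    printf("self-check: %d/6 passed\n", passed);
    return passed == 6 ? 0 : 1;
}
```

The precondition variant is the one to prefer when the counter must never hold a wrapped value; the postcondition variant is cheaper (a single fetch-and-add) but only detects the wrap after it has happened.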
Exceptions
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines

| Standard | Guideline |
|---|---|
| CERT C++ Secure Coding Standard | INT30-CPP. Ensure that unsigned integer operations do not wrap |
| ISO/IEC TR 24772 | Arithmetic Wrap-around Error [XYYFIF] |
| MITRE CWE | Integer overflow (wrap or wraparound) |
Bibliography

| Reference | Section |
|---|---|
| [Dowd 2006] | Chapter 6, "C Language Issues" ("Arithmetic Boundary Conditions," pp. 211–223) |
| [ISO/IEC 9899:2011] | Section 6.2.5, "Types" |
| [Seacord 2005] | Chapter 5, "Integers" |
| [Viega 2005] | Section 5.2.7, "Integer Overflow" |
| [VU#551436] | |
| [Warren 2002] | Chapter 2, "Basics" |
| [Wojtczuk 2008] | |
| [xorl 2009] | "CVE-2009-1385: Linux Kernel E1000 Integer Underflow" |
...