Integer values used in the following manner must be guranteed correct:
- As an array index
- In any pointer arithmetic
- As a length or size of an object
- As the bound of an array (for example, a loop counter)
- In security critical code
Recommendations
Use size_t for all integer values representing the size of an object
Rules
Provide adequate range checking
Understand integer conversion rules
Do not make assumptions about the type of a bit-field when used in an expression
Guarantee that integer conversions do not result in lost or misinterpreted data
Guarantee that integer operations do not result in an overflow