
Recommendations

INT00-C. Understand the data model used by your implementation(s)

INT01-C. Use rsize_t or size_t for all integer values representing the size of an object

INT02-C. Understand integer conversion rules

INT03-C. Use a secure integer library

INT04-C. Enforce limits on integer values originating from untrusted sources

INT05-C. Do not use input functions to convert character data if they cannot handle all possible inputs

INT06-C. Use strtol() or a related function to convert a string token to an integer

INT07-C. Use only explicitly signed or unsigned char type for numeric values

INT08-C. Verify that all integer values are in range

INT09-C. Ensure enumeration constants map to unique values

INT10-C. Do not assume a positive remainder when using the % operator

INT11-C. Take care when converting from pointer to integer or integer to pointer

INT12-C. Do not make assumptions about the type of a plain int bit-field when used in an expression

INT13-C. Use bitwise operators only on unsigned operands

INT14-C. Avoid performing bitwise and arithmetic operations on the same data

INT15-C. Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types

INT16-C. Do not make assumptions about representation of signed integers

INT17-C. Define integer constants in an implementation-independent manner

Rules

INT30-C. Ensure that unsigned integer operations do not wrap

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

INT32-C. Ensure that operations on signed integers do not result in overflow

INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors

INT34-C. Do not shift a negative number of bits or more bits than exist in the operand

INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size

INT36-C. No implicit conversion shall change the signed nature of an object or reduce the number of bits in that object

Risk Assessment Summary

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| INT00-C | high | unlikely | high | P3 | L3 |
| INT01-C | medium | probable | medium | P8 | L2 |
| INT02-C | medium | probable | medium | P8 | L2 |
| INT03-C | medium | probable | medium | P8 | L2 |
| INT04-C | low | probable | high | P2 | L3 |
| INT05-C | medium | probable | high | P4 | L3 |
| INT06-C | medium | probable | medium | P8 | L2 |
| INT07-C | medium | probable | medium | P8 | L2 |
| INT08-C | medium | probable | high | P4 | L3 |
| INT09-C | low | probable | medium | P4 | L3 |
| INT10-C | low | unlikely | high | P1 | L3 |
| INT11-C | low | probable | high | P2 | L3 |
| INT12-C | low | unlikely | medium | P2 | L3 |
| INT13-C | high | unlikely | medium | P6 | L2 |
| INT14-C | medium | unlikely | medium | P4 | L3 |
| INT15-C | high | unlikely | medium | P6 | L2 |
| INT16-C | medium | unlikely | medium | P4 | L3 |
| INT17-C | high | probable | low | P6 | L2 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| INT30-C | high | likely | high | P9 | L2 |
| INT31-C | high | probable | high | P6 | L2 |
| INT32-C | high | likely | high | P9 | L2 |
| INT33-C | low | likely | medium | P6 | L2 |
| INT34-C | high | probable | medium | P12 | L1 |
| INT35-C | high | likely | medium | P18 | L1 |
| INT36-C | low | likely | low | P6 | L2 |

Related Rules and Recommendations

EXP38-C. Do not call offsetof() on bit-field members or invalid types (CERT C Secure Coding Standard)
