Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

04. Integers (INT)

Created by Robert C. Seacord, last modified by Robert Seacord on May 14, 2008

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

INT00-A. Understand the data model used by your implementation(s)

INT01-A. Use rsize_t or size_t for all integer values representing the size of an object

INT02-A. Understand integer conversion rules

INT03-A. Use a secure integer library

INT04-A. Enforce limits on integer values originating from untrusted sources

INT05-A. Do not use input functions to convert character data if they cannot handle all possible inputs

INT06-A. Use strtol() or a related function to convert a string token to an integer

INT07-A. Use only explicitly signed or unsigned char type for numeric values

INT08-A. Verify that all integer values are in range

INT09-A. Ensure enumeration constants map to unique values

INT10-A. Do not make assumptions about the sign of the remainder when using the % operator

INT11-A. Do not make assumptions about the layout of bit-field structures

INT12-A. Do not make assumptions about the type of a plain int bit-field when used in an expression

INT13-A. Do not assume that a right shift operation is implemented as a logical or an arithmetic shift

INT14-A. Avoid performing bitwise and arithmetic operations on the same data

INT15-A. Take care when converting from pointer to integer or integer to pointer

Rules

INT30-C. Ensure that unsigned integer operations do not wrap

INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data

INT32-C. Ensure that operations on signed integers do not result in overflow

INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors

INT34-C. Arguments to character handling functions must be representable as an unsigned char

INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size

INT36-C. Do not shift a negative number of bits or more bits than exist in the operand

Risk Assessment Summary

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
INT00-A	1 (low)	1 (unlikely)	1 (high)	P1	L3
INT01-A	2 (medium)	2 (probable)	2 (medium)	P8	L2
INT02-A	2 (medium)	2 (probable)	2 (medium)	P8	L2
INT03-A	2 (medium)	2 (probable)	1 (high)	P4	L3
INT04-A	1 (low)	2 (probable)	1 (high)	P2	L3
INT05-A	2 (medium)	2 (probable)	1 (high)	P2	L3
INT06-A	2 (medium)	2 (probable)	2 (medium)	P8	L2
INT07-A	2 (medium)	2 (probable)	2 (medium)	P8	L2
INT08-A	2 (medium)	2 (probable)	1 (high)	P4	L3
INT09-A	1 (low)	1 (unlikely)	3 (low)	P3	L3
INT10-A	1 (low)	1 (unlikely)	2 (medium)	P2	L3
INT11-A	1 (low)	1 (unlikely)	2 (medium)	P2	L3
INT12-A	1 (low)	1 (unlikely)	2 (medium)	P2	L3
INT13-A	3 (high)	1 (unlikely)	2 (medium)	P6	L2
INT14-A	2 (medium)	1 (unlikely)	2 (medium)	P4	L3
INT15-A	1 (low)	2 (probable)	1 (high)	P2	L3

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
INT30-C	3 (high)	3 (likely)	1 (high)	P9	L2
INT31-C	3 (high)	2 (probable)	1 (high)	P6	L2
INT32-C	3 (high)	3 (likely)	1 (high)	P9	L2
INT33-C	1 (low)	2 (probable)	2 (medium)	P4	L3
INT35-C	3 (high)	3 (likely)	2 (medium)	P18	L1
INT36-C	3 (high)	2 (probable)	2 (medium)	P12	L1

EXP39-C. Avoid side effects in assertions 03. Expressions (EXP) INT00-A. Understand the data model used by your implementation(s)

No labels