ATH-overflow
Synopsis
An expression is implicitly converted to a narrower type, resulting in an overflow or underflow of its value.
Enabled by default
Yes
Severity/Certainty
Medium/High

Full description
An expression is implicitly converted to a narrower type, resulting in an overflow or underflow of its value. This might be unintended and can cause logic errors. Because unexpected behavior is much more likely than an application crash, such errors can be very hard to find.
Coding standards
- CERT INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
- CWE 194: Unexpected Sign Extension
- CWE 195: Signed to Unsigned Conversion Error
- CWE 196: Unsigned to Signed Conversion Error
- CWE 197: Numeric Truncation Error
- CWE 680: Integer Overflow to Buffer Overflow
Code examples
The following code example fails the check and will give a warning:
typedef int I;
typedef I J;
void f(){
    J x = 375;
    char c = x; //overflows to 119 (375 - 256)
}
The following code example passes the check and will not give a warning about this issue:
void f(){
    int x = 35;
    char c = x;
}
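The following is an added example, not part of the original check documentation: range-checked narrowing in the style of CERT INT31-C, covering both the int-to-char case above and a length narrowed to a 16-bit field (the CWE 680 pattern). The function names are hypothetical, chosen for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers: each one tests the source value against the
   destination range first, so the narrowing cast can never change it. */

/* int -> signed char: reject values the destination cannot represent. */
bool int_to_schar(int in, signed char *out)
{
    if (in < SCHAR_MIN || in > SCHAR_MAX)
        return false;
    *out = (signed char)in;  /* explicit cast: value is known to fit */
    return true;
}

/* size_t -> uint16_t, e.g. a length destined for a 16-bit header field.
   Without the check, 65536 would silently become 0. */
bool size_to_u16(size_t in, uint16_t *out)
{
    if (in > UINT16_MAX)
        return false;
    *out = (uint16_t)in;
    return true;
}

/* What an unchecked narrowing to 8 bits keeps: the low byte only.
   Conversion to an unsigned type is well-defined (modulo 256). */
unsigned char low_byte(int in)
{
    return (unsigned char)in;
}

int main(void)
{
    signed char c = 0;
    uint16_t len = 0;

    printf("375 truncated to 8 bits: %u\n", (unsigned)low_byte(375));
    printf("375 fits signed char:    %d\n", int_to_schar(375, &c));
    printf("35 fits signed char:     %d\n", int_to_schar(35, &c));
    printf("65536 fits uint16_t:     %d\n", size_to_u16((size_t)65536, &len));
    return 0;
}
```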