CERT-INT31-C

CERT-INT31-C_c

In this section:

Synopsis

Ensure that integer conversions do not result in lost or misinterpreted data.

Enabled by default

Yes

Severity/Certainty

High/Medium

Full description

Integer conversions, both implicit and explicit (using a cast), must be guaranteed not to result in lost or misinterpreted data. This is particularly true for integer values that originate from untrusted sources and are used in pointer arithmetic, variable length array declaration, array subscription, and library function arguments that are of unsigned char types or represent sizes.

Coding standards

CERT INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
CWE 192: Integer Coercion Error
CWE 194: Unexpected Sign Extension
CWE 195: Signed to Unsigned Conversion Error
CWE 197: Numeric Truncation Error
CWE 681: Incorrect Conversion between Numeric Types
CWE 704: Incorrect Type Conversion or Cast

Code examples

The following code example fails the check and will give a warning:

#include <string.h>
#include <stddef.h>

int *init_memory(int *array, size_t n) {
    return memset(array, 4096, n);
}

The following code example passes the check and will not give a warning about this issue:

#include <string.h>
#include <stddef.h>

int *init_memory(int *array, size_t n) {
    return memset(array, 0, n);
}

IAR Embedded Workbench for RH850 3.20.x