Integer truncation from casting to a smaller primitive type

ID

c.integer_overflow.integer_truncation

Severity

low

Resource

Integer Overflow

Language

C / C++

Description

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. The value cannot be trusted and the application will be in an undefined state.

Rationale

The following code illustrates a vulnerable pattern detected by this rule:

void assign_int(int int_var)
{
	// VULNERABLE: Integer truncation from casting to a smaller primitive type
	char char_var = int_var;
	short short_var;

	// VULNERABLE: Integer truncation from casting to a smaller primitive type
	short_var = int_var;
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
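
One way to remediate the pattern shown under Rationale, as an added example that is not part of the original rule documentation: check that the value fits the destination type before narrowing, and make the cast explicit once the range is proven. The helper names int_to_char, int_to_short and assign_int_checked are hypothetical, and the sample values are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical helper: store v in *out only if it fits in a char.
 * CHAR_MIN/CHAR_MAX track whether plain char is signed on this platform. */
bool int_to_char(int v, char *out)
{
	if (v < CHAR_MIN || v > CHAR_MAX)
		return false;      /* narrowing would lose data: reject */
	*out = (char)v;        /* explicit cast, value proven in range */
	return true;
}

/* Hypothetical helper: same check for short. */
bool int_to_short(int v, short *out)
{
	if (v < SHRT_MIN || v > SHRT_MAX)
		return false;
	*out = (short)v;
	return true;
}

/* Checked counterpart of assign_int(): returns 0 on success, -1 if
 * int_var does not fit both destinations. Outputs are written only
 * on success, so a rejected value never reaches the caller. */
int assign_int_checked(int int_var, char *char_out, short *short_out)
{
	char c;
	short s;

	if (!int_to_char(int_var, &c) || !int_to_short(int_var, &s))
		return -1;
	*char_out = c;
	*short_out = s;
	return 0;
}

int main(void)
{
	int samples[] = { 65, 300, 40000 };   /* constructed inputs */
	char c = 0;
	short s = 0;

	for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
		int rc = assign_int_checked(samples[i], &c, &s);
		printf("%d -> %s\n", samples[i], rc == 0 ? "stored" : "rejected");
	}
	return 0;
}
```

Compiling with -Wconversion (GCC and Clang) also reports the implicit narrowing assignments at build time.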

Configuration

This detector does not need any configuration.