Unsafe signed-to-unsigned or unsigned-to-signed integer conversion

| Field | Value |
|---|---|
| ID | c.integer_overflow.signed_unsigned_conversion |
| Severity | low |
| Resource | Integer Overflow |
| Language | C / C++ |
Description
The software converts a signed integer to an unsigned type, or an unsigned integer to a signed type, in a way that can change the value. A negative signed value converted to an unsigned type becomes a very large positive value; when a function's return value (for example a length, or -1 signalling an error) is then used as a size parameter, the copy or allocation is performed with that huge size. The reverse direction is less common but is a precursor to buffer underwrites: a large unsigned value converted to a signed type becomes negative, and when that negative value is used as an array index or in pointer arithmetic it addresses memory before the start of the buffer.
Rationale
Integer conversions in C and C++ are silent: the compiler raises no trap and, by default, no diagnostic when a value changes sign, so the defect only surfaces when an attacker supplies a length or index at the edge of the representable range. Because the converted value almost always feeds a size argument, an index, or pointer arithmetic, the consequence is an out-of-bounds read or write rather than a merely wrong number. Checks performed before the conversion are what keep the value in range; a check performed after it compares an already-corrupted value.
The following code illustrates a vulnerable pattern detected by this rule:
#include <stddef.h>

#define FILTER_FLAG_HOSTNAME 0x1      /* assumed flag value; added so the fragment compiles */

/* Surrounding declarations are added to make the fragment compile; `len` is
 * signed and `l` is size_t, which is the conversion the rule flags. */
static int validate_domain(char *domain, int len, long flags)
{
    char *e, *s, *t;
    size_t l;
    int hostname = flags & FILTER_FLAG_HOSTNAME;
    unsigned char i = 1;

    s = domain;
    // VULNERABLE: Unsafe signed-to-unsigned or unsigned-to-signed integer conversion
    l = len;          /* int -> size_t: a negative len becomes a huge length */
    e = domain + l;   /* end pointer is computed far beyond the buffer */
    t = e - 1;        /* "last character" no longer lies inside domain */
    // ...
    return 0;
}
Remediation
Check the sign and the upper bound of a signed value before it is converted, while it is still signed (reject `len < 0` explicitly rather than relying on a comparison against an unsigned limit, which silently converts the signed operand first). Prefer `size_t` end to end for lengths and indexes so that no conversion is needed, and where an API returns a signed value such as -1 on error, test for the error before the result is passed to a size parameter. In the unsigned-to-signed direction, compare the value against `INT_MAX` (or the target type's maximum) before narrowing, and never use a narrowed value as an index or pointer offset without that check. Compiling with `-Wsign-conversion` (GCC and Clang) surfaces the implicit conversions so they can be reviewed.
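An added example, written for this page and not the tool's or any project's code, showing both directions of the defect beside their hardened forms. The function names, the SIZE_MAX sentinel and the capacity values are illustrative assumptions; `last_offset_unchecked` reproduces the `l = len;` shape from the snippet above, `copy_size_after_signed_check` shows the canonical case where a bound check in the signed domain lets -1 through to a size parameter, and `narrow_index` covers the unsigned-to-signed underwrite direction.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Vulnerable shape of the flagged pattern: a signed length is stored in a
 * size_t with no sign check, exactly like `l = len;` above. Returns the
 * offset, relative to the buffer start, of the byte that `t = e - 1` would
 * address. For len == -1 the conversion yields SIZE_MAX, so the "last byte"
 * is SIZE_MAX - 1 bytes past the start: nowhere near the buffer. */
size_t last_offset_unchecked(int len)
{
    size_t l = len;      /* int -> size_t: negative values wrap to huge values */
    return l - 1;
}

/* Hardened form: validate sign and bound while the value is still signed,
 * then convert. Returns the offset, or SIZE_MAX on rejection (assumed
 * sentinel: no valid offset can equal it, since capacity < SIZE_MAX). */
size_t last_offset_checked(size_t capacity, int len)
{
    if (len <= 0)                    /* rejects negative and empty lengths */
        return SIZE_MAX;
    if ((size_t)len > capacity)      /* conversion is now safe: len > 0 */
        return SIZE_MAX;
    return (size_t)len - 1;
}

/* The canonical signed-to-unsigned bug: the bound is checked in the signed
 * domain, so -1 passes, and the value is only converted when it reaches a
 * size_t parameter such as memcpy's. Returns the size the copy would actually
 * be asked for, or 0 if the check rejected it. */
size_t copy_size_after_signed_check(int len, int max_len)
{
    if (len > max_len)          /* -1 > max_len is false: negative slips through */
        return 0;
    return (size_t)len;         /* what memcpy(dst, src, len) would receive */
}

/* Unsigned -> signed direction: narrowing a size_t index to int must be
 * range-checked first, otherwise values above INT_MAX come out negative and a
 * later buf[i] or ptr + i reaches memory before the buffer (underwrite).
 * Returns the narrowed index, or -1 if it cannot be represented. */
long narrow_index(size_t idx)
{
    if (idx > (size_t)INT_MAX)
        return -1;
    return (long)(int)idx;
}

int main(void)
{
    printf("unchecked offset for len=-1:   %zu\n", last_offset_unchecked(-1));
    printf("checked offset for len=-1:     %s\n",
           last_offset_checked(16, -1) == SIZE_MAX ? "rejected" : "accepted");
    printf("copy size after signed check:  %zu\n", copy_size_after_signed_check(-1, 16));
    printf("narrow SIZE_MAX to int:        %ld\n", narrow_index(SIZE_MAX));
    return 0;
}
```

The two hardened functions differ from their vulnerable counterparts only in where the check sits: before the conversion, on the signed value, with an explicit `<= 0` test. The `copy_size_after_signed_check` case is the one most often missed in review because the code does contain a bound check; it is simply against a signed limit that a negative value never exceeds.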