Integer overflow from unsafe use of strlen() in arithmetic

ID

c.integer_overflow.unsafe_strlen

Severity

low

Resource

Integer Overflow

Language

C / C++

Description

The software performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. When the value is derived from the size of an input, a short is far easier to overflow than an int.

Rationale


The following code illustrates a vulnerable pattern detected by this rule:

#include <string.h>

int get_length(char *string)
{
	short length;

	// VULNERABLE: Integer overflow from unsafe use of strlen() in arithmetic
	// strlen() returns size_t; storing it in a short silently narrows the
	// value, so lengths of 32768 bytes or more wrap or go negative.
	length = strlen(string);

	return length;
}
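The following program, added here as an illustration and not part of the rule's own documentation, runs the vulnerable pattern above on constructed inputs of increasing size and places it beside a checked variant that keeps the length in a size_t and validates it against SHRT_MAX before narrowing. The function names (get_length_short, get_length_checked, wrapped_length, checked_length) and the test inputs are this example's own; the specific wrapped values assume the usual two's-complement ABI with a 16-bit short, where an out-of-range conversion to short wraps modulo 65536 (the C standard leaves that conversion implementation-defined).

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Vulnerable pattern from the rule: strlen() returns size_t, but the result
 * is stored in a short. For strings of 32768 bytes or more the value no
 * longer fits; on the usual two's-complement ABIs it wraps modulo 65536
 * (assumed here; the conversion is implementation-defined in C). */
short get_length_short(const char *s)
{
    short length;
    length = strlen(s);   /* narrowing conversion, no range check */
    return length;
}

/* Hardened form: keep the length in size_t and check the bound explicitly
 * before narrowing. Returns 0 on success, -1 if the length does not fit. */
int get_length_checked(const char *s, short *out)
{
    size_t length = strlen(s);
    if (length > (size_t)SHRT_MAX)
        return -1;        /* refuse rather than silently wrap */
    *out = (short)length;
    return 0;
}

/* Constructed test input: a NUL-terminated string of n 'A' bytes. */
static char *make_string(size_t n)
{
    char *buf = malloc(n + 1);
    if (buf == NULL)
        return NULL;
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

/* Runs the vulnerable function on an n-byte string and returns what it
 * reports, widened to long so a negative short stays visible.
 * Returns LONG_MIN if the input could not be allocated. */
long wrapped_length(size_t n)
{
    char *s = make_string(n);
    long reported;
    if (s == NULL)
        return LONG_MIN;
    reported = get_length_short(s);
    free(s);
    return reported;
}

/* Same input through the checked function: 0 if accepted, -1 if rejected. */
int checked_length(size_t n)
{
    char *s = make_string(n);
    short len;
    int rc;
    if (s == NULL)
        return -1;
    rc = get_length_checked(s, &len);
    free(s);
    return rc;
}

int main(void)
{
    /* 100 fits; 40000 wraps to a negative value; 70000 wraps to a small
     * positive value, so a "length < 0" check alone would not catch it. */
    size_t sizes[] = { 100, 40000, 70000 };
    size_t i;
    for (i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("%zu bytes: short length = %ld, checked = %s\n",
               sizes[i], wrapped_length(sizes[i]),
               checked_length(sizes[i]) == 0 ? "accepted" : "rejected");
    }
    return 0;
}
```

The 70000-byte case is the one that matters for resource management: the narrowed length comes back as 4464, positive and plausible, so any buffer sized from it would be far too small for the data that is then copied into it. Keeping the length in size_t and comparing against the destination type's maximum before narrowing is what turns that silent wrap into an explicit rejection.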

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.