
IAR Embedded Workbench for RH850 3.20.x

CERT-INT32-C_a

Synopsis

Ensure that operations on signed integers do not result in overflow.

Enabled by default

Yes

Severity/Certainty

High/High

Full description

Integer operations overflow when the resulting value cannot be represented by the underlying representation of the integer. Signed integer overflow is undefined behavior, so it is important to ensure that operations on signed integers do not result in overflow. This check warns when a signed integer expression that may overflow is used in any of the following ways:

- as an integer operand of any pointer arithmetic, including array indexing
- as the assignment expression for the declaration of a variable length array
- as the postfix expression preceding square brackets [] or the expression in square brackets [] of a subscripted designation of an element of an array object
- as a function argument of type size_t or rsize_t

Coding standards
CERT INT32-C

Ensure that operations on signed integers do not result in overflow

CWE 190

Integer Overflow or Wraparound

CWE 191

Integer Underflow (Wrap or Wraparound)

CWE 680

Integer Overflow to Buffer Overflow

Code examples

The following code example fails the check and will give a warning:

void func(signed int si_a, signed int si_b) {
    int arr[10];
    /* si_a + si_b may overflow and is used directly as an array index,
       so the check warns here. */
    arr[si_a + si_b] = 1;
}

The following code example passes the check and will not give a warning about this issue:

#include <limits.h>

void f(signed int si_a, signed int si_b) {
    signed int sum;
    if (((si_b > 0) && (si_a > (INT_MAX - si_b))) ||
        ((si_b < 0) && (si_a < (INT_MIN - si_b)))) {
        /* Handle error */
    } else {
        sum = si_a + si_b;
    }
    /* ... */
}

void non_critical(signed int si_a, signed int si_b) {
    // This will trigger CERT-INT32-C_b.
    signed int sum = si_a + si_b;
}
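The passing example above performs the INT_MAX/INT_MIN pre-check inline. The following added example (not part of the IAR documentation or C-STAT) packages that same pre-check into a reusable checked_add helper and then shows the pattern the first bullet of the description is about: an index computed from two signed operands is only used for array access after it has been shown not to overflow and to lie inside the array. The function names checked_add, checked_sum_or and safe_store, the return codes, and the driver values are all assumptions made for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Checked signed addition (example helper, not an IAR API).
 * Returns true and stores si_a + si_b in *out only when the sum is
 * representable as int; otherwise returns false without computing it,
 * so no undefined behavior occurs. */
bool checked_add(int si_a, int si_b, int *out) {
    if (((si_b > 0) && (si_a > (INT_MAX - si_b))) ||
        ((si_b < 0) && (si_a < (INT_MIN - si_b)))) {
        return false;           /* would overflow: refuse */
    }
    *out = si_a + si_b;
    return true;
}

/* Convenience wrapper: the sum, or a caller-supplied fallback when the
 * addition would overflow. */
int checked_sum_or(int si_a, int si_b, int fallback) {
    int sum;
    return checked_add(si_a, si_b, &sum) ? sum : fallback;
}

/* Store value at arr[si_a + si_b] only after the index has been computed
 * without overflow and verified to lie in [0, len).
 * Return codes (assumed for this example): 0 = stored,
 * -1 = index computation would overflow, -2 = index out of range. */
int safe_store(int *arr, size_t len, int si_a, int si_b, int value) {
    int idx;
    if (!checked_add(si_a, si_b, &idx)) {
        return -1;
    }
    if (idx < 0 || (size_t)idx >= len) {
        return -2;
    }
    arr[idx] = value;
    return 0;
}

/* Constructed driver: exercises the ok, overflow and out-of-range paths.
 * Returns 1 when every case behaves as expected, 0 otherwise. */
int demo(void) {
    int arr[10] = {0};
    int rc_ok  = safe_store(arr, 10, 3, 4, 42);        /* index 7: stored */
    int rc_ovf = safe_store(arr, 10, INT_MAX, 1, 42);  /* sum overflows  */
    int rc_oob = safe_store(arr, 10, 6, 6, 42);        /* index 12 >= 10 */
    int rc_neg = safe_store(arr, 10, -5, 2, 42);       /* index -3 < 0   */
    return rc_ok == 0 && arr[7] == 42 &&
           rc_ovf == -1 && rc_oob == -2 && rc_neg == -2;
}

int main(void) {
    printf("all cases behaved as expected: %s\n", demo() ? "yes" : "no");
    return demo() ? 0 : 1;
}
```

Note that safe_store separates the two distinct failures the check is concerned with: the addition itself overflowing (undefined behavior, reported as -1) and a well-defined sum that still falls outside the array (a bounds error, reported as -2). Both must be rejected before the value is used as an index.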