CERT-INT32-C_b
Synopsis
Ensure that operations on signed integers do not result in overflow.
Enabled by default
No
Severity/Certainty
High/High

Full description
An integer operation overflows when the mathematical result cannot be represented in the operand's type. For signed integers this is undefined behavior in C, so the compiler may assume it never happens and the resulting value (or control flow) is unpredictable; operations on signed integers must therefore be guarded so that they cannot overflow. This check warns on the wrapping cases that are not already covered by CERT-INT32-C_a.
Coding standards
- CERT INT32-C
Ensure that operations on signed integers do not result in overflow
- CWE 190
Integer Overflow or Wraparound
- CWE 191
Integer Underflow (Wrap or Wraparound)
- CWE 680
Integer Overflow to Buffer Overflow
Code examples
The following code example fails the check and will give a warning:
void func(signed int si_a, signed int si_b) {
  /* No range check: if si_a + si_b exceeds INT_MAX or is below INT_MIN,
     the addition is undefined behavior. */
  signed int sum = si_a + si_b;
  /* ... */
}
The following code example passes the check and will not give a warning about this issue:
#include <limits.h>
void f(signed int si_a, signed int si_b) {
  signed int sum;
  /* Test the precondition first; both INT_MAX - si_b (si_b > 0) and
     INT_MIN - si_b (si_b < 0) are themselves representable, so the test
     never overflows. */
  if (((si_b > 0) && (si_a > (INT_MAX - si_b))) ||
      ((si_b < 0) && (si_a < (INT_MIN - si_b)))) {
    /* Handle error */
  } else {
    sum = si_a + si_b;
  }
  /* ... */
}
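The compliant example above guards only addition. The following added example (not part of the checker's documentation) generalizes the same precondition-test pattern to subtraction and multiplication, returning a status instead of computing an undefined result; the function names checked_add, checked_sub and checked_mul are assumed for illustration.

```c
#include <limits.h>
#include <stdbool.h>

/* Checked addition (illustrative name): stores si_a + si_b only when the
   sum is representable. The bound INT_MAX - si_b / INT_MIN - si_b is always
   representable, so the test itself cannot overflow. */
bool checked_add(int si_a, int si_b, int *result) {
  if ((si_b > 0 && si_a > INT_MAX - si_b) ||
      (si_b < 0 && si_a < INT_MIN - si_b)) {
    return false; /* would overflow: report, do not compute */
  }
  *result = si_a + si_b;
  return true;
}

/* Checked subtraction: si_a - si_b overflows when si_b > 0 pulls the result
   below INT_MIN or si_b < 0 pushes it above INT_MAX. */
bool checked_sub(int si_a, int si_b, int *result) {
  if ((si_b > 0 && si_a < INT_MIN + si_b) ||
      (si_b < 0 && si_a > INT_MAX + si_b)) {
    return false;
  }
  *result = si_a - si_b;
  return true;
}

/* Checked multiplication: the limit depends on the sign of each operand, so
   all four sign combinations are tested with a (non-overflowing) division. */
bool checked_mul(int si_a, int si_b, int *result) {
  if (si_a > 0) {
    if (si_b > 0) {
      if (si_a > INT_MAX / si_b) return false;        /* both positive   */
    } else {
      if (si_b < INT_MIN / si_a) return false;        /* a > 0, b <= 0   */
    }
  } else {
    if (si_b > 0) {
      if (si_a < INT_MIN / si_b) return false;        /* a <= 0, b > 0   */
    } else {
      /* both non-positive; si_a != 0 avoids division by zero */
      if (si_a != 0 && si_b < INT_MAX / si_a) return false;
    }
  }
  *result = si_a * si_b;
  return true;
}
```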