...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT35-C | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported: Astrée reports overflows due to insufficient precision. | ||||||||||||
| CodeSonar |
| LANG.ARITH.BIGSHIFT | Shift Amount Exceeds Bit Width | |||||||||||
| Helix QAC |
| C0582 C++3115 | ||||||||||||
| Parasoft C/C++test |
| CERT_C-INT35-a | Use correct integer precisions when checking the right hand operand of the shift operator | |||||||||||
| Polyspace Bug Finder |
| CERT C: Rule INT35-C | Checks for situations when integer precisions are exceeded (rule fully covered) | PRQA QA-C | ||||||||||
| Include Page | PRQA QA-C_v | PRQA QA-C_v | 0582 |
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CWE 2.11 | CWE-681, Incorrect Conversion between Numeric Types | 2017-10-30:MITRE:Unspecified Relationship 2018-10-18:CERT:Partial Overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-190 and INT35-C
Intersection( INT35-C, CWE-190) = Ø
INT35-C used to map to CWE-190 but has been replaced with a new rule that has no overlap with CWE-190.
CWE-681 and INT35-C
Intersection(INT35-C, CWE-681) = due to incorrect use of integer precision, conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values
CWE-681 - INT35-C = list2, where list2 =
- conversion from one data type to another causing data to be omitted or translated in a way that produces unexpected values, not involving incorrect use of integer precision
INT35-C - CWE-681= list1, where list1 =
- incorrect use of integer precision not related to conversion from one data type to another
Bibliography
| [Dowd 2006] | Chapter 6, "C Language Issues" |
| [C99 Rationale 2003] | 6.5.7, "Bitwise Shift Operators" |
...