
Platform dependencies may be introduced to improve performance on a particular platform. This can be a dangerous practice, particularly if these dependencies are not appropriately documented during development and addressed during porting. Platform dependencies that have no performance or other benefits should consequently be avoided, as they may introduce errors during porting.

Non-Compliant Coding Example

This non-compliant coding example uses the complement operator in the test for unsigned integer overflow.

unsigned int ui1, ui2, sum;

/* ~ui1 equals UINT_MAX - ui1 only on a two's complement implementation */
if (~ui1 < ui2) {
  /* handle error condition */
}
sum = ui1 + ui2;

This code assumes that the implementation uses two's complement representation. This assumption is commonly true, but not guaranteed by the standard.

This non-compliant code also violates INT14-A. Distinguish bitmaps from numeric types.

Compliant Solution

This compliant solution implements a strictly conforming test for unsigned overflow.

#include <limits.h>  /* for UINT_MAX */

unsigned int ui1, ui2, sum;

/* portable: UINT_MAX - ui1 is the largest value that can be added without wrapping */
if (UINT_MAX - ui1 < ui2) {
  /* handle error condition */
}
sum = ui1 + ui2;

If the non-compliant form of this test is truly faster, talk to your compiler vendor, because if these tests are equivalent then optimization should occur. If both forms have the same performance, prefer the portable form.
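The two tests side by side, as an added example rather than code from the CERT page: a portable checked addition built on the compliant test, the representation-dependent form from the non-compliant example, and a helper that compares the two predicates over boundary values (the function names and probe values are constructed for this example).

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Portable overflow check: true if a + b would wrap, using the strictly
   conforming test from the compliant solution. */
bool uadd_would_overflow(unsigned int a, unsigned int b) {
    return (UINT_MAX - a) < b;
}

/* Representation-dependent check from the non-compliant example; it matches
   the portable one only where ~a == UINT_MAX - a (two's complement). */
bool uadd_would_overflow_complement(unsigned int a, unsigned int b) {
    return (~a) < b;
}

/* Checked addition: stores a + b into *sum and returns true on success;
   returns false and leaves *sum untouched when the sum would overflow. */
bool checked_uadd(unsigned int a, unsigned int b, unsigned int *sum) {
    if (uadd_would_overflow(a, b)) {
        return false;
    }
    *sum = a + b;
    return true;
}

/* Compares the two predicates over constructed boundary values; returns the
   number of disagreements (zero on a two's complement implementation). */
int count_predicate_mismatches(void) {
    const unsigned int probes[] = {0u, 1u, UINT_MAX / 2, UINT_MAX - 1, UINT_MAX};
    const int n = (int)(sizeof probes / sizeof probes[0]);
    int mismatches = 0;
    for (int i = 0; i < n; i++) {
        for (int j = 0; j < n; j++) {
            if (uadd_would_overflow(probes[i], probes[j]) !=
                uadd_would_overflow_complement(probes[i], probes[j])) {
                mismatches++;
            }
        }
    }
    return mismatches;
}

int main(void) {
    unsigned int sum = 0;
    printf("UINT_MAX + 1 accepted? %d\n", checked_uadd(UINT_MAX, 1u, &sum));
    printf("predicate mismatches on this implementation: %d\n", count_predicate_mismatches());
    return 0;
}
```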

Risk Assessment

Unused values may indicate significant logic errors, possibly resulting in a denial of service condition.

Recommendation   Severity   Likelihood   Remediation Cost   Priority   Level
MSC14-A          low        unlikely     medium             P2         L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

