# Catalogue entry for SEI CERT C Coding Standard guideline INT18-C.
[metadata]
id = "INT18-C"
# CERT C separates normative rules from advisory recommendations; this entry is
# a recommendation (recommendation numbers are below 30, rules are 30 and up).
type = "recommendation"
# "INT" is the Integers section of the standard.
category = "INT"
number = 18
title = "Evaluate integer expressions in a larger size before comparing or assigning to that size"
description = """
If an integer expression involving an operation is compared to or assigned to a
larger integer size, that integer expression should be evaluated in that larger
size by explicitly casting one of the operands.

This code example is noncompliant on systems where size_t is an unsigned 32-bit
value and long long is a 64-bit value. In this example, the programmer tests for
wrapping by comparing SIZE_MAX to length + BLOCK_HEADER_SIZE. Because length is
declared as size_t, the addition is performed as a 32-bit operation and can
result in wrapping. The comparison with SIZE_MAX will always test false. If any
wrapping occurs, malloc() will allocate insufficient space for mBlock, which can
lead to a subsequent buffer overflow.

#include <stdlib.h>
#include <stdint.h> /* For SIZE_MAX */

enum { BLOCK_HEADER_SIZE = 16 };

void *AllocateBlock(size_t length) {
  struct memBlock *mBlock;

  if (length + BLOCK_HEADER_SIZE > (unsigned long long)SIZE_MAX) return NULL;
  mBlock = (struct memBlock *)malloc( length + BLOCK_HEADER_SIZE );
  if (!mBlock) { return NULL; }
  /* Fill in block header and return data portion */
  return mBlock;
}

The cast in this example is applied to SIZE_MAX, after the 32-bit addition has
already been evaluated; to follow the recommendation, cast an operand of the
addition (for example, length) to unsigned long long so that the sum is computed
in 64 bits before the comparison.
"""
# CERT risk assessment. A CERT priority is the product of severity, likelihood
# and remediation cost, each scored 1-3. No remediation cost is recorded in this
# file, so "P18" cannot be re-derived from the fields here; with High (3) and
# Likely (3) it implies a cost score of 2 - confirm against the wiki page.
severity = "High"
likelihood = "Likely"
priority = "P18"
# L1 is the highest-priority band (P12-P27) in the CERT scheme.
level = "L1"
cert_version = "2016 Edition (Wiki)"
# Stored as a free-form string, not a TOML date; consumers must parse it themselves.
last_modified = "May 20, 2025"
# Per-rule switch for INT18-C. The consumer of this table is not shown here;
# presumably a checker reads it to decide whether to report this guideline.
# Disabling it would hide size-calculation wrap findings that feed allocation
# sizes, so record the reason next to any change to false.
[rules.cert_c.INT18-C]
enabled = true
# External references for this guideline.
[references]
# Canonical guideline page on the SEI CERT wiki.
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/INT18-C.+Evaluate+integer+expressions+in+a+larger+size+before+comparing+or+assigning+to+that+size"
# CWE-681: Incorrect Conversion between Numeric Types.
# CWE-190: Integer Overflow or Wraparound.
cwe = ["CWE-681", "CWE-190"]