JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++

LANG.CAST.RIP : Risky Integer Promotion

Summary

Bitwise operator ~ or << is applied to an operand of underlying type unsigned char or unsigned short without immediately casting the result to the underlying type of the operand.

Properties

Class Name Risky Integer Promotion
Significance style
Mnemonic LANG.CAST.RIP
Categories
Misra2004 Misra2004:10.5 If the bitwise operators ~ and << are applied to an operand of underlying type unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand
AUTOSARC++14 AUTOSARC++14:M5-0-10 If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand.
MisraC++2008 MisraC++2008:5-0-10 If the bitwise operators ~ and << are applied to an operand with an underlying type of unsigned char or unsigned short, the result shall be immediately cast to the underlying type of the operand.
MisraC++2023 MisraC++2023:7.0.4 The operands of bitwise operators and shift operators shall be appropriate
CWE CWE:704 Incorrect Type Conversion or Cast
CERT-C CERT-C:EXP14-C Beware of integer promotion when performing bitwise operations on integer types smaller than int
JSF++ JSF++:183 Every possible measure should be taken to avoid type casting.
DISA-6r1 DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
DISA-5r3 DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-4r3 DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-3r10 DISA-3r10:V-16808 The designer will ensure the application is not vulnerable to integer arithmetic issues.
Availability Available for C and C++.
Enabling Checks for this warning class are disabled by default, and require the unnormalized C ASTs for the project. To enable them, add the following WARNING_FILTER rule and RETAIN_UNNORMALIZED_C_AST specification to the project configuration file. 
RETAIN_UNNORMALIZED_C_AST = Yes
WARNING_FILTER += allow class="Risky Integer Promotion"
Note that retaining the unnormalized ASTs will increase the disk space used to store the project representation, and may make the analysis take longer.

Example 

#include <stdio.h>

void RIP(void)
{
    unsigned char c;
    c = 0xff;
    printf("c=%x\n", c);                                         /* no ~ or << operation */
    printf("~c=%x\n", ~c); /* 'Risky Integer Promotion' warning issued here */
    printf("(unsigned char)~c=%x\n", (unsigned char)~c);         /* result of ~ operation is immediately cast */  
}
/* This prints:
 *
 * c=ff
 * ~c=ffffff00
 * (unsigned char)~c=0
 */

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.