CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++


LANG.CAST.VALUE : Cast Alters Value

Summary

A cast operation causes a value to be changed.

Properties

Class Name Cast Alters Value
Significance security
Mnemonic LANG.CAST.VALUE
Categories
MisraC2025 MisraC2025:10.3 The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
MisraC2023 MisraC2023:10.3 The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
Misra2012 Misra2012:10.3 The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
AUTOSARC++14 AUTOSARC++14:A4-7-1 An integer expression shall not lead to data loss.
  AUTOSARC++14:M5-0-9 An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.
  AUTOSARC++14:M5-2-2 A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.
  AUTOSARC++14:A7-2-1 An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.
MisraC++2008 MisraC++2008:5-0-9 An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.
  MisraC++2008:5-2-2 A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.
  MisraC++2008:7-2-1 An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
  MisraC++2023:8.2.1 A virtual base class shall only be cast to a derived class by means of dynamic_cast
  MisraC++2023:8.20.1 An unsigned arithmetic operation with constant operands should not wrap
CWE CWE:20 Improper Input Validation
  CWE:192 Integer Coercion Error
  CWE:704 Incorrect Type Conversion or Cast
TS17961 TS17961:5.16-signconv Conversion of signed characters to wider integer types before a check for EOF
CERT-C CERT-C:API07-C Enforce type safety
  CERT-C:INT02-C Understand integer conversion rules
  CERT-C:INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size
  CERT-C:INT31-C Ensure that integer conversions do not result in lost or misinterpreted data
CERT-CPP CERT-CPP:INT50-CPP Do not cast to an out-of-range enumeration value
JSF++ JSF++:183 Every possible measure should be taken to avoid type casting.
  JSF++:203 Evaluation of expressions shall not lead to overflow/underflow (unless required algorithmically and then should be heavily documented).
  JSF++:212 Underflow or overflow functioning shall not be depended on in any special way.
DISA-6r1 DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
DISA-5r3 DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-4r3 DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-3r10 DISA-3r10:V-16808 The designer will ensure the application is not vulnerable to integer arithmetic issues.
Availability Available for C and C++.
Enabling Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file.
WARNING_FILTER += discard class="Cast Alters Value"

Note

Type casting can change values in several ways:

In many cases, a warning of this class indicates an inadvertent value change that may cause problems later. Out-of-range casts to enumeration type in C++ are more serious, since the resulting behavior is undefined rather than defined but (possibly) unexpected. Cast Alters Value warnings in this latter category will therefore generally have higher Rank.

Example

/* EXAMPLE 1:  LANG.CAST.VALUE.c
 * - a simple case
 */

unsigned int lang_cast_value(void){
    int x;
    unsigned int y;

    x = -10;
    y = (unsigned int)(x+5); /* 'Cast Alters Value' warning issued here */
    return y;
}

// EXAMPLE 2: LANG.CAST.VALUE.cpp
// - casting to enumeration type in C++.
//
// Comments in the following code example use notation [x,y] to
// represent the set of values from x to y, including both x and y.

namespace lang_cast_value {

  // Value range for Color is [0,7]
  enum Color {red,    // == 0
              orange,
              yellow,
              green,
              blue,
              indigo,
              violet  // == 6
  };

  int use_color(void){
      Color a = static_cast<Color>(5);                  // ok: within range [0,7] 
      Color b = static_cast<Color>(7);                  // ok: within range [0,7] 
      Color c = static_cast<Color>(8);      // 'Cast Alters Value' warning issued here 
      Color d = static_cast<Color>(-1);     // 'Cast Alters Value' warning issued here 
      return a + b + c + d;
  }

  // Value range for Compass is [-4,3]
  enum Compass {north = -3,
                south,  // == -2
                east,   // == -1
                west    // == 0
  };

  int use_compass(void){
      Compass a = static_cast<Compass>(-5); // 'Cast Alters Value' warning issued here 
      Compass b = static_cast<Compass>(-4);             // ok: within range [-4,3] 
      Compass c = static_cast<Compass>(-2);             // ok: within range [-4,3] 
      Compass d = static_cast<Compass>(3);              // ok: within range [-4,3] 
      Compass e = static_cast<Compass>(4);  // 'Cast Alters Value' warning issued here 
      return a + b + c + d + e;
  }
}

C++ Enumeration Notes

The value range representable by an enumeration E is determined as specified in recent versions of the C++ language standard:

For example, suppose we have the following enumeration.

enum Walk {left, right, forward};   /* left==0, right==1, forward==2 */

A type is not specified for this enumeration, so its values are deemed to be those of the smallest bit field that can represent all enumerators specified for Walk: {0,1,2}. The values of Walk are therefore those in the interval between 0 and 3 (including both 0 and 3), which we can write as [0,3]. Note that there is no named enumerator with value 3, but it is still considered a value of Walk.

Some other example cases:

enum A{};       // Requires a 0-bit bit field.  Can only represent the value 0.
enum B{BB};     // Requires a 0-bit bit field.  Can only represent the value 0.
enum C{CC=-1};  // Requires a 1-bit signed bit field.  Can represent -1..0.
enum D{DD=1};   // Requires a 1-bit unsigned bit field.  Can represent 0..1.
enum E{EE=-2};  // Requires a 2-bit signed bit field.  Can represent -2..1.
enum F{FF=-5};  // Requires a 4-bit signed bit field.  Can represent -8..7.
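
The smallest-bit-field rule described above can be computed directly and used to validate a value before it is cast to an enumeration type. The following is an added example, not CodeSonar code or part of the original manual page; EnumRange, enum_value_range and checked_enum_cast are hypothetical names. It assumes two's complement, enumerators that fit in 32 bits, and unscoped enumerations with no fixed underlying type.

```cpp
#include <cstdint>

// Added example (not CodeSonar code). Assumes two's complement and
// enumerators that fit in 32 bits.
struct EnumRange { std::int64_t lo; std::int64_t hi; };

// Range of the smallest bit field able to hold every enumerator of an
// enumeration with no fixed underlying type. emin/emax are the smallest and
// largest enumerator values; pass 0, 0 for an empty enumeration.
constexpr EnumRange enum_value_range(std::int32_t emin, std::int32_t emax) {
    if (emin >= 0) {
        // Unsigned M-bit field: [0, 2^M - 1], where M may be 0.
        std::int64_t hi = 0;
        while (hi < emax) hi = hi * 2 + 1;
        return {0, hi};
    }
    // Signed M-bit field: [-2^(M-1), 2^(M-1) - 1], M >= 1.
    std::int64_t lo = -1, hi = 0;
    while (lo > emin || hi < emax) { lo *= 2; hi = hi * 2 + 1; }
    return {lo, hi};
}

// The enumerations from Example 2 above.
enum Color { red, orange, yellow, green, blue, indigo, violet };
enum Compass { north = -3, south, east, west };

// Hypothetical helper: convert v only if it lies in the value range of E;
// otherwise leave 'out' untouched and return false. E must be unscoped.
template <typename E>
bool checked_enum_cast(long long v, E emin, E emax, E &out) {
    const EnumRange r = enum_value_range(emin, emax);
    if (v < r.lo || v > r.hi) return false;
    out = static_cast<E>(v);
    return true;
}

static_assert(enum_value_range(red, violet).hi == 7, "Color is [0,7]");
static_assert(enum_value_range(north, west).lo == -4, "Compass is [-4,3]");

int main() {
    Color c = red;
    Compass d = west;
    // 8 is outside [0,7] and -5 is outside [-4,3]: both are rejected.
    bool ok = !checked_enum_cast(8, red, violet, c) && checked_enum_cast(7, red, violet, c)
           && !checked_enum_cast(-5, north, west, d) && checked_enum_cast(-4, north, west, d);
    return ok ? 0 : 1;
}
```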

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.
