hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

LF for .qhelp files too

Browse Source
This commit is contained in:
Dave Bartolomeo
2018-08-26 21:12:51 -07:00
parent dfb082e34f
commit 2af82d9485
4 changed files with 132 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

80
cpp/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.qhelp
View File

@@ -1,41 +1,41 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>In a loop condition, comparison of a value of a narrow type with a value of a wide type may
result in unexpected behavior if the wider value is sufficiently large (or small). This is because
the narrower value may overflow. This can lead to an infinite loop.</p>
</overview>
<recommendation>
<p>Change the types of the compared values so that the value on the narrower side of the
comparison is at least as wide as the value it is being compared with.</p>
</recommendation>
<example>
<p>In this example, <code>bytes_received</code> is compared against <code>max_get</code> in a
<code>while</code> loop. However, <code>bytes_received</code> is an <code>int16_t</code>, and
<code>max_get</code> is an <code>int32_t</code>. Because <code>max_get</code> is larger than
<code>INT16_MAX</code>, the loop condition is always <code>true</code>, so the loop never
terminates.</p>
<p>This problem is avoided in the 'GOOD' case because <code>bytes_received2</code> is an
<code>int32_t</code>, which is as wide as the type of <code>max_get</code>.</p>
<sample src="ComparisonWithWiderType.c" />
</example>
<references>
<li>
<a href="https://docs.microsoft.com/en-us/cpp/cpp/data-type-ranges">Data type ranges</a>
</li>
<li>
<a href="https://wiki.sei.cmu.edu/confluence/display/c/INT18-C.+Evaluate+integer+expressions+in+a+larger+size+before+comparing+or+assigning+to+that+size">INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size </a>
</li>
</references>
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>In a loop condition, comparison of a value of a narrow type with a value of a wide type may
result in unexpected behavior if the wider value is sufficiently large (or small). This is because
the narrower value may overflow. This can lead to an infinite loop.</p>
</overview>
<recommendation>
<p>Change the types of the compared values so that the value on the narrower side of the
comparison is at least as wide as the value it is being compared with.</p>
</recommendation>
<example>
<p>In this example, <code>bytes_received</code> is compared against <code>max_get</code> in a
<code>while</code> loop. However, <code>bytes_received</code> is an <code>int16_t</code>, and
<code>max_get</code> is an <code>int32_t</code>. Because <code>max_get</code> is larger than
<code>INT16_MAX</code>, the loop condition is always <code>true</code>, so the loop never
terminates.</p>
<p>This problem is avoided in the 'GOOD' case because <code>bytes_received2</code> is an
<code>int32_t</code>, which is as wide as the type of <code>max_get</code>.</p>
<sample src="ComparisonWithWiderType.c" />
</example>
<references>
<li>
<a href="https://docs.microsoft.com/en-us/cpp/cpp/data-type-ranges">Data type ranges</a>
</li>
<li>
<a href="https://wiki.sei.cmu.edu/confluence/display/c/INT18-C.+Evaluate+integer+expressions+in+a+larger+size+before+comparing+or+assigning+to+that+size">INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size </a>
</li>
</references>
</qhelp>