Checkers:PRECISION.LOSS.CALL
Loss of precision during function call
The PRECISION.LOSS checker finds instances in which an implicit cast to a smaller data type during a function call can cause a loss of precision in data.
Vulnerability and risk
Depending on the exact circumstances, this situation is potentially exploitable, for instance if it results in a buffer overflow.
Mitigation and prevention
If the loss of precision is intentional, mask the source of the cast with an appropriate bitmask so that the truncation is explicit. For example:
char c = (i & 0xFF);
Code examples
Vulnerable code example
1 void foo(unsigned char v);
2 void test(unsigned long data){
3     foo(data);
4 }
Insight flags line 3, in which an unsigned long is converted to an unsigned char.
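The flagged call beside two corrected forms, as an added example that is not part of the original checker documentation. The wrapper names (call_unchecked, call_masked, call_checked), the `seen` variable and the value 260 are constructed for illustration, and an 8-bit unsigned char is assumed.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical callee: like foo() above, it takes an unsigned char.
 * It records what it received so the effect of the conversion is visible. */
static unsigned char seen;
static void foo(unsigned char v) { seen = v; }

/* Flagged pattern: data is implicitly converted to unsigned char at the
 * call, so any value above UCHAR_MAX silently loses its high bits. */
static unsigned char call_unchecked(unsigned long data) {
    foo(data);
    return seen;
}

/* Truncation is intended: the mask and cast state that only the low
 * byte is wanted, which documents the intent for readers and tools. */
static unsigned char call_masked(unsigned long data) {
    foo((unsigned char)(data & 0xFF));
    return seen;
}

/* Truncation is not intended: reject values the parameter cannot hold.
 * Returns 0 on success, -1 if data is out of range (foo is not called). */
static int call_checked(unsigned long data) {
    if (data > UCHAR_MAX)
        return -1;
    foo((unsigned char)data);
    return 0;
}

int main(void) {
    unsigned long len = 260; /* constructed sample value */
    printf("unchecked: %lu -> %u\n", len, (unsigned)call_unchecked(len));
    printf("masked:    %lu -> %u\n", len, (unsigned)call_masked(len));
    printf("checked:   %lu -> %s\n", len,
           call_checked(len) ? "rejected" : "ok");
    return 0;
}
```

The unchecked and masked calls pass the same value to foo(); the difference is that the masked form states the intent, while the checked form is the one to use when the caller expects the full value to survive.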
Related checkers
External guidance
- CWE-192: Integer Coercion Error
- CWE-197: Numeric Truncation Error
- CWE-681: Incorrect Conversion between Numeric Types
- INT31-C: Ensure that integer conversions do not result in lost or misinterpreted data
- STIG-ID: APP3550 Application is vulnerable to integer overflows


