Integer Truncation Error
Description
Truncation errors occur when a value of one primitive type is cast to a primitive type of smaller width and the high-order bits are discarded in the conversion. The resulting value cannot be trusted, and any logic that depends on it (bounds checks, length fields, loop counters) leaves the application in an undefined state.
Examples
Insecure Code
```c
/* 1024 (0x400) does not fit in an 8-bit char; the high bits are dropped */
char narrow = (char) 1024;
```
Secure Code
```c
/* destination type is wide enough for the value */
int narrow = 1024;
```
Remediation
Ensure that the destination variable is large enough to hold the value being assigned to it. Consider using a larger data type or validating the value before assignment.
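The following C program is an added illustration (not part of the original rule page) of both the truncating cast above and the two remediations the text recommends: using a wider destination type and validating the value before narrowing. The helper names (`narrow_unchecked`, `narrow_checked`, `length_ok_truncated`, `length_ok_checked`) and the length-check scenario are hypothetical and chosen for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Same pattern as the insecure snippet: the cast keeps only the low 8 bits.
 * 1024 is 0x400, so its low byte is 0x00 and the result is 0. */
unsigned char narrow_unchecked(int value) {
    return (unsigned char)value;
}

/* Remediation: validate before assignment. Refuses values that do not fit
 * in the destination type instead of silently wrapping them.
 * Returns true on success and stores the narrowed value in *out. */
bool narrow_checked(int value, int8_t *out) {
    if (value < INT8_MIN || value > INT8_MAX) {
        return false;
    }
    *out = (int8_t)value;
    return true;
}

/* Hypothetical buggy helper: the bounds check runs on a truncated copy of the
 * length. 65536 + 10 becomes 10 in a uint16_t, so the check passes even
 * though the real length exceeds the buffer. */
bool length_ok_truncated(size_t len, size_t buf_size) {
    uint16_t short_len = (uint16_t)len;
    return short_len <= buf_size;
}

/* Remediation: keep the check at full width so nothing is lost. */
bool length_ok_checked(size_t len, size_t buf_size) {
    return len <= buf_size;
}

int main(void) {
    int8_t out = 0;
    printf("(unsigned char)1024 -> %u\n", narrow_unchecked(1024));
    printf("narrow_checked(1024) -> %s\n",
           narrow_checked(1024, &out) ? "ok" : "rejected");
    printf("narrow_checked(100)  -> %s, value %d\n",
           narrow_checked(100, &out) ? "ok" : "rejected", out);
    printf("truncated length check (65546 vs 64) -> %s\n",
           length_ok_truncated(65546, 64) ? "passes (bug)" : "rejected");
    printf("full-width length check (65546 vs 64) -> %s\n",
           length_ok_checked(65546, 64) ? "passes" : "rejected");
    return 0;
}
```

Compilers typically warn about the implicit narrowing only when asked (for example `-Wconversion` in GCC and Clang), so the checked helper is the reliable defence: it turns a silent data loss into an explicit failure the caller must handle.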
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0669 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-197 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | integer-truncation, data-loss |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/197
- https://github.com/struct/mms
- https://cwe.mitre.org/data/definitions/681
- https://g.co/kgs/PCHQjJ