Incorrect Unsigned Comparison
Description
Checking whether an unsigned variable is negative makes no sense, since such a comparison can never be true, and its presence is usually a good indication that something is wrong with the code.
Examples
Insecure Code
```c
#include <stdio.h>

unsigned int x = 5;
if (x < 0) {            /* always false: x is unsigned */
    printf("Error\n");
}
```
Secure Code
```c
#include <stdio.h>

unsigned int x = 5;
if (x > 10) {           /* a comparison that can actually be true */
    printf("Error\n");
}
```
Remediation
Remove the comparison, or correct it so that it is valid for unsigned variables.
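The following is an added example, not code from the rule page or from any project it describes; the function names are hypothetical. It shows why the flagged comparison matters in practice: a negative value passed into an unsigned parameter has already wrapped before the guard runs, so the guard accepts it, and it shows the closely related case of comparing a signed value against an unsigned one, where C's usual arithmetic conversions cause the same silent wrap.

```c
#include <stdio.h>

/* Added example (hypothetical functions, not the rule page's own code).
 * Each flagged form is placed beside a corrected form so the difference
 * in behaviour can be observed on the same input. */

/* Flagged form: `len` is unsigned, so `len < 0` is always false. Any
 * negative value a caller passes has already wrapped to a large positive
 * number before this function sees it, so the guard accepts it. */
int accept_len_flagged(unsigned int len)
{
    if (len < 0) {      /* never true; GCC -Wextra (-Wtype-limits) warns here */
        return 0;       /* reject: unreachable */
    }
    return 1;           /* accept */
}

/* Corrected form: keep the value signed while the sign check is made,
 * and only afterwards treat it as an unsigned length. */
int accept_len_fixed(int len)
{
    if (len < 0) {      /* meaningful: len is still signed here */
        return 0;
    }
    return 1;
}

/* The same mistake in disguise: comparing a signed value against an
 * unsigned one. The signed operand is converted to unsigned, so a
 * negative `a` compares as a huge positive number. */
int less_than_mixed(int a, unsigned int b)
{
    return a < b;       /* -1 < 1u is evaluated as UINT_MAX < 1, i.e. 0 */
}

/* Corrected: decide the sign first, then compare like with like. */
int less_than_fixed(int a, unsigned int b)
{
    if (a < 0) {
        return 1;       /* any negative value is below any unsigned value */
    }
    return (unsigned int)a < b;
}

int main(void)
{
    /* Constructed input: a caller hands a negative length to each guard. */
    int bad_len = -1;
    printf("flagged guard accepts -1: %d\n", accept_len_flagged((unsigned int)bad_len));
    printf("fixed guard accepts -1:   %d\n", accept_len_fixed(bad_len));
    printf("-1 < 1u (mixed): %d\n", less_than_mixed(-1, 1u));
    printf("-1 < 1u (fixed): %d\n", less_than_fixed(-1, 1u));
    return 0;
}
```

Compiling with `-Wall -Wextra` surfaces both patterns: `-Wtype-limits` reports the unsigned-less-than-zero comparison, and `-Wsign-compare` reports the mixed signed/unsigned comparison, which is the cheapest way to catch this class of defect before it reaches a static-analysis run.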
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0764 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-697 |
| Confidence | HIGH |
| Impact | LOW |
| Likelihood | MEDIUM |
| Exploitability | COMPLEX |
| Tags | |
| OWASP | N/A |