C and C++


LANG.CAST.VALUE : Cast Alters Value

Summary

A cast operation causes a value to be changed.

Properties

Class Name:   Cast Alters Value
Significance: security
Mnemonic:     LANG.CAST.VALUE
Categories:
  MisraC2023:10.3 The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
  Misra2012:10.3 The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
  AUTOSARC++14:A4-7-1 An integer expression shall not lead to data loss.
  AUTOSARC++14:M5-0-9 An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.
  AUTOSARC++14:M5-2-2 A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.
  AUTOSARC++14:A7-2-1 An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.
  MisraC++2008:5-0-9 An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.
  MisraC++2008:5-2-2 A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.
  MisraC++2008:7-2-1 An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.
  MisraC++2023:8.2.1 A virtual base class shall only be cast to a derived class by means of dynamic_cast
  MisraC++2023:8.20.1 An unsigned arithmetic operation with constant operands should not wrap
  CWE:20 Improper Input Validation
  CWE:192 Integer Coercion Error
  CWE:704 Incorrect Type Conversion or Cast
  TS17961:5.16-signconv 5.16. Conversion of signed characters to wider integer types before a check for EOF
  CERT-C:API07-C Enforce type safety
  CERT-C:INT02-C Understand integer conversion rules
  CERT-C:INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size
  CERT-C:INT31-C Ensure that integer conversions do not result in lost or misinterpreted data
  CERT-CPP:INT50-CPP Do not cast to an out-of-range enumeration value
  JSF++:183 Every possible measure should be taken to avoid type casting.
  JSF++:203 Evaluation of expressions shall not lead to overflow/underflow (unless required algorithmically and then should be heavily documented).
  JSF++:212 Underflow or overflow functioning shall not be depended on in any special way.
  DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
  DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
  DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
  DISA-3r10:V-16808 The designer will ensure the application is not vulnerable to integer arithmetic issues.
Availability: Available for C and C++.
Enabling:     Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file.

  WARNING_FILTER += discard class="Cast Alters Value"

Note

Type casting can change values in several ways:

In many cases, a warning of this class indicates an inadvertent value change that may cause problems later. The conversion itself does not fail: it is modular when the destination type is unsigned, and implementation-defined when a signed destination cannot hold the value (in C, and in C++ before C++20), so the program simply continues with a wrong but predictable value, for example a negative length that has become a very large unsigned one. Out-of-range casts to enumeration type in C++ are more serious, since the resulting behavior is undefined rather than defined but unexpected. Cast Alters Value warnings in this latter category will therefore generally have higher Rank.

Example

/* EXAMPLE 1:  LANG.CAST.VALUE.c
 * - a simple case
 */

unsigned int lang_cast_value(void){
    int x;
    unsigned int y;

    x = -10;
    y = (unsigned int)(x+5); /* 'Cast Alters Value' warning issued here */
    return y;
}
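The following is an added example, not code from the original page. It shows the conversion in Example 1 in the shape where it usually matters (a signed length that will reach an allocation or copy), then the range-checked conversion that CERT INT31-C asks for. The function names and the `convert_exact` template are this example's own; each branch of the template compares operands of the same signedness so the comparison itself cannot change a value.

```cpp
// Added example (not from the original page): range-checked integer conversion.
#include <cstddef>
#include <cstdint>
#include <limits>
#include <optional>
#include <type_traits>

// The shape in which Example 1 usually matters: a signed length taken from a
// parser or a packet header becomes a size_t. With len == -5 on a 64-bit target
// the cast yields 18446744073709551611, the value a later memcpy or malloc sees.
std::size_t unchecked_length(int len) {
    return static_cast<std::size_t>(len);   // 'Cast Alters Value' when len < 0
}

// Hardened form: refuse the conversion instead of silently changing the value.
std::optional<std::size_t> checked_length(int len) {
    if (len < 0) return std::nullopt;
    return static_cast<std::size_t>(len);   // len >= 0, so the value is preserved
}

// General form: convert From -> To only when the value is representable in To.
template <typename To, typename From>
bool convert_exact(From from, To& out) {
    static_assert(std::is_integral_v<To> && std::is_integral_v<From> &&
                  !std::is_same_v<To, bool> && !std::is_same_v<From, bool>,
                  "integer types only");
    using UFrom = std::make_unsigned_t<From>;
    using UTo   = std::make_unsigned_t<To>;
    if constexpr (std::is_signed_v<From> == std::is_signed_v<To>) {
        // Same signedness: the usual arithmetic conversions keep both sides exact.
        if (from < std::numeric_limits<To>::min() || from > std::numeric_limits<To>::max())
            return false;
    } else if constexpr (std::is_signed_v<From>) {
        // Signed -> unsigned: negative values never fit; compare the rest as unsigned.
        if (from < 0 || static_cast<UFrom>(from) > std::numeric_limits<To>::max())
            return false;
    } else {
        // Unsigned -> signed: compare against the destination's maximum as unsigned.
        if (from > static_cast<UTo>(std::numeric_limits<To>::max()))
            return false;
    }
    out = static_cast<To>(from);
    return true;
}
```

`convert_exact` is the check to put at the trust boundary (wire format, file header, syscall argument); once a value has passed it, the later `static_cast` is provably value-preserving and the warning on it is a true negative rather than something to suppress.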
// EXAMPLE 2: LANG.CAST.VALUE.cpp
// - casting to enumeration type in C++.
//
// Comments in the following code example use notation [x,y] to
// represent the set of values from x to y, including both x and y.

namespace lang_cast_value {

  // Value range for Color is [0,7]
  enum Color {red,    // == 0
              orange,
              yellow,
              green,
              blue,
              indigo,
              violet  // == 6
  };

  int use_color(void){
      Color a = static_cast<Color>(5);                  // ok: within range [0,7] 
      Color b = static_cast<Color>(7);                  // ok: within range [0,7] 
      Color c = static_cast<Color>(8);      // 'Cast Alters Value' warning issued here 
      Color d = static_cast<Color>(-1);     // 'Cast Alters Value' warning issued here 
      return a + b + c + d;
  }

  // Value range for Compass is [-4,3]
  enum Compass {north = -3,
                south,  // == -2
                east,   // == -1
                west    // == 0
  };

  int use_compass(void){
      Compass a = static_cast<Compass>(-5); // 'Cast Alters Value' warning issued here 
      Compass b = static_cast<Compass>(-4);             // ok: within range [-4,3] 
      Compass c = static_cast<Compass>(-2);             // ok: within range [-4,3] 
      Compass d = static_cast<Compass>(3);              // ok: within range [-4,3] 
      Compass e = static_cast<Compass>(4);  // 'Cast Alters Value' warning issued here 
      return a + b + c + d + e;
  }
}

C++ Enumeration Notes

The value range representable by an enumeration E is determined as specified in C++11 and later ([dcl.enum]): if the underlying type of E is not fixed, the values of E are the values of the smallest bit-field that can store every enumerator of E, an unsigned bit-field if no enumerator is negative and a signed one otherwise; if the underlying type is fixed, the values of E are simply the values of that type.

For example, suppose we have the following enumeration.

enum Walk {left, right, forward};   /* left==0, right==1, forward==2 */

A type is not specified for this enumeration, so its values are deemed to be those of the smallest bit field that can represent all enumerators specified for Walk: {0,1,2}. The values of Walk are therefore those in the interval between 0 and 3 (including both 0 and 3), which we can write as [0,3]. Note that there is no named enumerator with value 3, but it is still considered a value of Walk.

Some other example cases:

enum A{};       // Requires a 0-bit bit field.  Can only represent the value 0.
enum B{BB};     // Requires a 0-bit bit field.  Can only represent the value 0.
enum C{CC=-1};  // Requires a 1-bit signed bit field.  Can represent -1..0.
enum D{DD=1};   // Requires a 1-bit unsigned bit field.  Can represent 0..1.
enum E{EE=-2};  // Requires a 2-bit signed bit field.  Can represent -2..1.
enum F{FF=-5};  // Requires a 4-bit signed bit field.  Can represent -8..7.
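The following is an added example, not code from the original page. It implements the rule above as a function that reproduces the ranges given for Walk, A..F and for Color and Compass in Example 2, and pairs it with a checked conversion of the kind INT50-CPP and A7-2-1 call for. The `EnumRange` type and the function names are this example's own; the Color enumeration is the one from Example 2.

```cpp
// Added example (not from the original page): the value range of a C++ enumeration
// without a fixed underlying type, and a cast that validates before converting.
#include <initializer_list>
#include <optional>

struct EnumRange { long long lo; long long hi; };

// Width of the smallest unsigned bit-field that can hold v (0 bits for v == 0).
static int unsigned_bit_width(unsigned long long v) {
    int n = 0;
    while (v != 0) { ++n; v >>= 1; }
    return n;
}

// The values of the enumeration are those of the smallest bit-field, unsigned if
// no enumerator is negative and signed otherwise, that stores every enumerator.
// An empty enumerator list is treated as the single enumerator 0.
EnumRange enum_value_range(std::initializer_list<long long> enumerators) {
    long long emin = 0, emax = 0;
    bool first = true;
    for (long long e : enumerators) {
        if (first) { emin = emax = e; first = false; }
        if (e < emin) emin = e;
        if (e > emax) emax = e;
    }
    if (emin >= 0) {
        int w = unsigned_bit_width(static_cast<unsigned long long>(emax));
        return {0, (1LL << w) - 1};                          // [0, 2^w - 1]
    }
    int w = 1;                                               // [-2^(w-1), 2^(w-1) - 1]
    while (emin < -(1LL << (w - 1)) || emax > (1LL << (w - 1)) - 1) ++w;
    return {-(1LL << (w - 1)), (1LL << (w - 1)) - 1};
}

// The page's Color enumeration: representable range [0,7], named values 0..6.
enum Color { red, orange, yellow, green, blue, indigo, violet };

// What the warning class checks: is v representable in Color at all?
bool representable_as_color(long long v) {
    EnumRange r = enum_value_range({red, orange, yellow, green, blue, indigo, violet});
    return v >= r.lo && v <= r.hi;
}

// What untrusted input should get: accept only a named enumerator. The value 7 is
// representable (no warning, no undefined behavior) but names no colour, so it is
// refused here rather than turned into a Color nothing else handles.
std::optional<Color> to_color(long long v) {
    if (v < red || v > violet) return std::nullopt;
    return static_cast<Color>(v);   // in range, so the conversion is well defined
}
```

`representable_as_color` is the looser test, enough to avoid undefined behavior; `to_color` is the one to use on data from outside the program, since a switch over Color with no default will silently fall through on 7.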

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.