LANG.CAST.VALUE : キャストによる値変更

キャストによる型変換が、値変更を引き起こします。

クラス名

Cast Alters Value

日本語クラス名

キャストによる値変更

クラス分類

セキュリティ (security)

ニーモニック

LANG.CAST.VALUE

カテゴリー

MisraC2023	MisraC2023:10.3	The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
Misra2012	Misra2012:10.3	The value of an expression shall not be assigned to an object with a narrower essential type or of a different essential type category
AUTOSARC++14	AUTOSARC++14:A4-7-1	An integer expression shall not lead to data loss.
	AUTOSARC++14:M5-0-9	An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.
	AUTOSARC++14:M5-2-2	A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.
	AUTOSARC++14:A7-2-1	An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.
MisraC++2008	MisraC++2008:5-0-9	An explicit integral conversion shall not change the signedness of the underlying type of a cvalue expression.
	MisraC++2008:5-2-2	A pointer to a virtual base class shall only be cast to a pointer to a derived class by means of dynamic_cast.
	MisraC++2008:7-2-1	An expression with enum underlying type shall only have values corresponding to the enumerators of the enumeration.
MisraC++2023	MisraC++2023:8.2.1	A virtual base class shall only be cast to a derived class by means of dynamic_cast
	MisraC++2023:8.20.1	An unsigned arithmetic operation with constant operands should not wrap
CWE	CWE:20	Improper Input Validation
	CWE:192	Integer Coercion Error
	CWE:704	Incorrect Type Conversion or Cast
TS17961	TS17961:5.16-signconv	5.16. Conversion of signed characters to wider integer types before a check for EOF
CERT-C	CERT-C:API07-C	Enforce type safety
	CERT-C:INT02-C	Understand integer conversion rules
	CERT-C:INT18-C	Evaluate integer expressions in a larger size before comparing or assigning to that size
	CERT-C:INT31-C	Ensure that integer conversions do not result in lost or misinterpreted data
CERT-CPP	CERT-CPP:INT50-CPP	Do not cast to an out-of-range enumeration value
JSF++	JSF++:183	Every possible measure should be taken to avoid type casting.
	JSF++:203	Evaluation of expressions shall not lead to overflow/underflow (unless required algorithmically and then should be heavily documented).
	JSF++:212	Underflow or overflow functioning shall not be depended on in any special way.
DISA-6r1	DISA-6r1:V-222612	The application must not be vulnerable to overflow attacks.
DISA-5r3	DISA-5r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-4r3	DISA-4r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-3r10	DISA-3r10:V-16808	The designer will ensure the application is not vulnerable to integer arithmetic issues.

対応言語

C および C++ で利用可能です。

有効/無効設定

このワーニングクラスのチェックはデフォルトで有効になっています。チェックを無効にするにはプロジェクト設定ファイル（configuration file）に以下の WARNING_FILTER ルールを追加してください。

WARNING_FILTER += discard class="Cast Alters Value"

以下のような場合、型変換は値を変化させます。

大きな型から小さな型への型変換は切り捨てにより値が変化します。

符号付きから符号なしへの型変換は符号が変化します。

(C++ only) Casting a value V to enumeration type will result in undefined behavior if V is not a valid value for that enumeration.
(C code that casts an out-of range value to enumeration type will also trigger a warning, but does not result in undefined behavior.)

In many cases, a warning of this class indicates an inadvertent value change that may cause problems later. Out-of-range casts to enumeration type in C++ are more serious, since the resulting behavior is undefined rather than defined but (possibly) unexpected. Cast Alters Value warnings in this latter category will therefore generally have higher Rank.

例

/* EXAMPLE 1:  LANG.CAST.VALUE.c
 * - a simple case
 */

unsigned int lang_cast_value(void){
    int x;
    unsigned int y;

    x = -10;
    y = (unsigned int)(x+5); /* 'Cast Alters Value' warning issued here */
    return y;
}

// EXAMPLE 2: LANG.CAST.VALUE.cpp
// - casting to enumeration type in C++.
//
// Comments in the following code example use notation [x,y] to
// represent the set of values from x to y, including both x and y.

namespace lang_cast_value {

  // Value range for Color is [0,7]
  enum Color {red,    // == 0
              orange,
              yellow,
              green,
              blue,
              indigo,
              violet  // == 6
  };

  int use_color(void){
      Color a = static_cast<Color>(5);                  // ok: within range [0,7] 
      Color b = static_cast<Color>(7);                  // ok: within range [0,7] 
      Color c = static_cast<Color>(8);      // 'Cast Alters Value' warning issued here 
      Color d = static_cast<Color>(-1);     // 'Cast Alters Value' warning issued here 
      return a + b + c + d;
  }

  // Value range for Compass is [-4,3]
  enum Compass {north = -3,
                south,  // == -2
                east,   // == -1
                west    // == 0
  };

  int use_compass(void){
      Compass a = static_cast<Compass>(-5); // 'Cast Alters Value' warning issued here 
      Compass b = static_cast<Compass>(-4);             // ok: within range [-4,3] 
      Compass c = static_cast<Compass>(-2);             // ok: within range [-4,3] 
      Compass d = static_cast<Compass>(3);              // ok: within range [-4,3] 
      Compass e = static_cast<Compass>(4);  // 'Cast Alters Value' warning issued here 
      return a + b + c + d + e;
  }
}

C++ Enumeration Notes

The value range representable by an enumeration E is determined as specified in recent versions of the C++ language standard:

If an underlying type is specified for E, the range of E is that of the type.

Otherwise, the range of E is that of the smallest bit field that can represent all enumerators specified for E.

For example, suppose we have the following enumeration.

enum Walk {left, right, forward};   /* left==0, right==1, forward==2 */

A type is not specified for this enumeration, so its values are deemed to be those of the smallest bit field that can represent all enumerators specified for Walk: {0,1,2}. The values of Walk are therefore those in the interval between 0 and 3 (including both 0 and 3), which we can write as [0,3]. Note that there is no named enumerator with value 3, but it is still considered a value of Walk.

Some other example cases:

enum A{};       // Requires a 0-bit bit field.  Can only represent the value 0.
enum B{BB};     // Requires a 0-bit bit field.  Can only represent the value 0.
enum C{CC=-1};  // Requires a 1-bit signed bit field.  Can represent -1..0.
enum D{DD=1};   // Requires a 1-bit unsigned bit field.  Can represent 0..1.
enum E{EE=-2};  // Requires a 2-bit signed bit field.  Can represent -2..1.
enum F{FF=-5};  // Requires a 4-bit signed bit field.  Can represent -8..7.

関連のある設定ファイルパラメータ

設定ファイルの以下のパラメータがこのワーニングクラスのチェックに影響します。