Sign change integer conversion overflow

Overflow when converting between signed and unsigned integers

Description

This defect occurs when converting an unsigned integer to a signed integer. If the variable does not have enough bytes to represent both the original constant and the sign bit, the conversion overflows.

The exact storage allocation for different floating point types depends on your processor. See Target processor type (-target).

Fix

The fix depends on the root cause of the defect. Often the result details show a sequence of events that led to the defect. You can implement the fix on any event in the sequence. If the result details do not show the event history, you can trace back using right-click options in the source code and see previous related events. See also Interpret Bug Finder Results in Polyspace Desktop User Interface.

See examples of fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See Address Polyspace Results Through Bug Fixes or Justifications.

Examples

char sign_change(void) {
    unsigned char count = 255;

    return (char)count;
}

In the return statement, the unsigned character variable count is converted to a signed character. However, char has 8 bits: 1 for the sign of the constant and 7 to represent the number. The conversion overflows because 255 needs all 8 bits to represent its value, leaving none for the sign.

Correction — Change conversion types

One possible correction is using a larger integer type. By using an int, there are enough bits to represent the sign and the number value.

int sign_change(void) {
    unsigned char count = 255;

    return (int)count;
}
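When the destination type cannot be widened, another option is to check the range before converting. The following is an added example, not part of the original Polyspace documentation; the function names and the wire_len/max_len length-field scenario are hypothetical, and the negative results noted in the comments assume a two's-complement target.

```c
#include <limits.h>
#include <stdbool.h>

/* Unchecked: same pattern as sign_change() above, with the signedness
 * made explicit. The result for v > SCHAR_MAX is implementation-defined;
 * on two's-complement targets 255 becomes -1. */
signed char unchecked_to_schar(unsigned char v) {
    return (signed char)v;
}

/* Checked: convert only when the value fits in the destination type. */
bool checked_to_schar(unsigned char v, signed char *out) {
    if (v > SCHAR_MAX) {
        return false;                 /* would change sign: reject */
    }
    *out = (signed char)v;
    return true;
}

/* Why it matters: a length check done after an unchecked conversion.
 * wire_len is a hypothetical unsigned length field, max_len the buffer
 * capacity. A very large wire_len turns negative and passes the test. */
bool length_ok_unchecked(unsigned int wire_len, int max_len) {
    int len = (int)wire_len;          /* sign change happens here */
    return len <= max_len;
}

/* Hardened: compare in the unsigned domain before any conversion. */
bool length_ok_checked(unsigned int wire_len, int max_len, int *len_out) {
    if (max_len < 0 || wire_len > (unsigned int)max_len) {
        return false;
    }
    *len_out = (int)wire_len;         /* safe: 0 <= wire_len <= max_len */
    return true;
}
```
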

Result Information

Group: Numerical
Language: C | C++
Default: On
Command-Line Syntax: SIGN_CHANGE
Impact: Medium
CWE ID: 192, 194, 195, 196
Introduced in R2013b