Incorrect Conversion between Numeric Types
Weakness ID: 681 (Weakness Base) | Status: Draft
Description Summary
When converting from one data type to another, such as from long to int, data can be discarded (truncated) or reinterpreted in a way that produces unexpected values. If the resulting values are used in a sensitive context, such as a length, index, or allocation size, dangerous behaviors may occur.
Example 1
In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.
(Bad Code)
Example Language: Java
int i = (int) 33457.8f; // i == 33457: the fractional part is discarded
Phase: Implementation. Avoid converting between numeric types where possible. Where a conversion is necessary, check that the value lies within the range representable by the destination type before converting, and treat an out-of-range value as an error rather than letting it be truncated, sign-extended, or reinterpreted.
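The following C program is an added example, not code from the CWE entry. It places two unchecked conversions of the kind this weakness describes (the page's own 33457.8f float-to-int cast, plus a size_t to 16-bit length narrowing) beside range-checked versions written in the spirit of the CERT rules this entry maps to (INT31-C, FLP34-C). The function names and the test values (70000, 3e9, -1) are this example's own. Note that in C an out-of-range float-to-integer conversion is undefined behaviour, not a wraparound, so the check must happen before the cast.

```c
/* Added example (not from CWE-681): unchecked numeric conversions beside
 * range-checked versions in the spirit of CERT INT31-C and FLP34-C.
 * Function names and test values are this example's own. */
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* --- The weakness: conversions that silently drop or reinterpret data --- */

/* float -> int discards the fraction; if the value is outside the range
 * of int, the behaviour is undefined in C (no wraparound is guaranteed). */
int unchecked_float_to_int(float f) {
    return (int)f;
}

/* size_t -> uint16_t keeps only the low 16 bits, so a length of 70000
 * becomes 4464: a later bounds check against the truncated value passes
 * while a copy driven by the original 70000 still happens. */
uint16_t unchecked_len_to_u16(size_t n) {
    return (uint16_t)n;
}

/* --- Range-checked conversions --- */

/* FLP34-C: accept a double only if it lies within [INT_MIN, INT_MAX].
 * Compare in double, where both limits are exactly representable; the
 * same test in float would be wrong because (float)INT_MAX rounds up to
 * 2147483648.0f, one past the largest int. NaN fails both comparisons
 * and is therefore rejected as well. */
bool checked_double_to_int(double d, int *out) {
    if (!(d >= (double)INT_MIN && d <= (double)INT_MAX)) {
        return false;
    }
    *out = (int)d;   /* in range: truncation toward zero is well defined */
    return true;
}

/* INT31-C: narrow an unsigned size to 16 bits only if it fits. */
bool checked_size_to_u16(size_t n, uint16_t *out) {
    if (n > UINT16_MAX) {
        return false;
    }
    *out = (uint16_t)n;
    return true;
}

/* INT31-C: signed -> unsigned; a negative value would become a huge size. */
bool checked_int_to_size(int n, size_t *out) {
    if (n < 0) {
        return false;
    }
    *out = (size_t)n;
    return true;
}

int main(void) {
    int i;
    uint16_t u;
    size_t s;

    printf("(int)33457.8f     = %d\n", unchecked_float_to_int(33457.8f));
    printf("(uint16_t)70000   = %u\n", (unsigned)unchecked_len_to_u16(70000));

    printf("checked 33457.8 -> int: %s\n",
           checked_double_to_int(33457.8, &i) ? "ok" : "rejected");
    printf("checked 3e9 -> int:     %s\n",
           checked_double_to_int(3e9, &i) ? "ok" : "rejected");
    printf("checked 70000 -> u16:   %s\n",
           checked_size_to_u16(70000, &u) ? "ok" : "rejected");
    printf("checked -1 -> size_t:   %s\n",
           checked_int_to_size(-1, &s) ? "ok" : "rejected");
    return 0;
}
```

The checked helpers return a status and write the result through a pointer so that callers cannot forget to handle the failure case; a helper that returned a sentinel such as -1 would reintroduce the same class of problem at the call site.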
Nature | Type | ID | Name | View(s) this relationship pertains to
---|---|---|---|---
ChildOf | Category | 136 | Type Errors | Development Concepts (primary) 699
ChildOf | Category | 189 | Numeric Errors | Development Concepts 699
ChildOf | Weakness Class | 704 | Incorrect Type Conversion or Cast | Research Concepts (primary) 1000
ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
ChildOf | Category | 739 | CERT C Secure Coding Section 05 - Floating Point (FLP) | Weaknesses Addressed by the CERT C Secure Coding Standard 734
ChildOf | Category | 808 | 2010 Top 25 - Weaknesses On the Cusp | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800
CanPrecede | Weakness Class | 682 | Incorrect Calculation | Research Concepts 1000
ParentOf | Category | 192 | Integer Coercion Error | Research Concepts (primary) 1000
ParentOf | Weakness Base | 194 | Unexpected Sign Extension | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 195 | Signed to Unsigned Conversion Error | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Variant | 196 | Unsigned to Signed Conversion Error | Development Concepts (primary) 699; Research Concepts (primary) 1000
ParentOf | Weakness Base | 197 | Numeric Truncation Error | Development Concepts (primary) 699; Research Concepts (primary) 1000
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
---|---|---|---
CERT C Secure Coding | FLP33-C | | Convert integers to floating point for floating point operations
CERT C Secure Coding | FLP34-C | | Ensure that floating point conversions are within range of the new type
CERT C Secure Coding | INT15-C | | Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
CERT C Secure Coding | INT31-C | | Ensure that integer conversions do not result in lost or misinterpreted data
CERT C Secure Coding | INT35-C | | Evaluate integer expressions in a larger size before comparing or assigning to that size
Modifications

Modification Date | Modifier | Organization | Source | Changes
---|---|---|---|---
2008-07-01 | Sean Eidemiller | Cigital | External | Added/updated demonstrative examples
2008-07-01 | Eric Dalci | Cigital | External | Updated Potential Mitigations, Time of Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | Updated Relationships
2008-11-24 | CWE Content Team | MITRE | Internal | Updated Description, Relationships, Taxonomy Mappings
2009-12-28 | CWE Content Team | MITRE | Internal | Updated Applicable Platforms, Likelihood of Exploit, Potential Mitigations