CodeQL queries 1.24
In a loop condition, comparison of a value of a narrow type with a value of a wide type may result in unexpected behavior if the wider value is sufficiently large (or small). This is because the narrower value may overflow. This can lead to an infinite loop.
Change the types of the compared values so that the value on the narrower side of the comparison is at least as wide as the value it is being compared with.
In this example,
bytes_received is compared against
max_get in a
while loop. However,
bytes_received is an
max_get is an
max_get is larger than
INT16_MAX, the loop condition is always
true, so the loop never
This problem is avoided in the 'GOOD' case because
bytes_received2 is an
int32_t, which is as wide as the type of
- Data type ranges
- INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
- Common Weakness Enumeration: CWE-190.
- Common Weakness Enumeration: CWE-197.
- Common Weakness Enumeration: CWE-835.