PRECISION.LOSS
Loss of precision
The PRECISION.LOSS checker finds instances in which an implicit cast to a smaller data type can cause a loss of precision in data.
Vulnerability and risk
Depending on the exact circumstances, this situation is potentially exploitable, for instance if it results in a buffer overflow.
Mitigation and prevention
If the loss-of-precision cast is intentional, make it explicit by masking the source of the cast with an appropriate bitmask, so that both readers and the checker can see that the upper bits are discarded on purpose. For example:
char c = (i & 0xFF);   /* keep only the low 8 bits of i */
Vulnerable code example
void foo(int i) {
char c;
c = i;   /* implicit int -> char conversion; high-order bits of i are discarded */
}
Klocwork flags line 3, where the int parameter 'i' is implicitly converted to the smaller data type of char 'c', so any value of 'i' outside the range of char loses precision.
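The following added example (not Klocwork's code or documentation) shows the three shapes of the issue side by side: the implicit narrowing the checker reports, the explicit bitmask from the mitigation section, and a range-checked alternative that refuses values that do not fit instead of wrapping them. It also illustrates the risk mentioned above: a length that is bounds-checked after narrowing can pass a check that the original value would have failed. The function names and the sample values (300, -1, a 64-byte buffer) are constructed for illustration; unsigned char is used so the results are fully defined by the C standard.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Implicit narrowing, as in the flagged example: the upper 24 bits of
 * 'value' are silently discarded (conversion to unsigned char is
 * defined modulo 256, so 300 becomes 44 and -1 becomes 255). */
unsigned char narrow_implicit(int value) {
    unsigned char c;
    c = value;   /* this is the assignment PRECISION.LOSS reports */
    return c;
}

/* Intentional narrowing made explicit with a bitmask, the mitigation
 * the text describes. Same numeric result as above, but the intent to
 * keep only the low byte is visible. */
unsigned char narrow_masked(int value) {
    return (unsigned char)(value & 0xFF);
}

/* Range-checked narrowing: returns the value unchanged when it fits in
 * an unsigned char (0..UCHAR_MAX), or -1 when narrowing would lose
 * precision. Callers must handle the -1 case. */
int narrow_checked(int value) {
    if (value < 0 || value > UCHAR_MAX) {
        return -1;
    }
    return value;
}

/* Why the loss matters: if a requested length is narrowed before it is
 * compared against the buffer size, an out-of-range request can pass
 * the check. With requested_len = 300 and buf_size = 64 the truncated
 * length is 44, so the check wrongly succeeds. */
bool length_check_after_narrowing(int requested_len, size_t buf_size) {
    unsigned char len = requested_len;   /* precision lost here */
    return len <= buf_size;
}

/* Correct ordering: validate the full-width value first, then narrow. */
bool length_check_before_narrowing(int requested_len, size_t buf_size) {
    if (requested_len < 0 || (size_t)requested_len > buf_size) {
        return false;
    }
    return narrow_checked(requested_len) >= 0;
}

int main(void) {
    printf("implicit narrowing of 300: %u\n", narrow_implicit(300));
    printf("masked narrowing of 300:   %u\n", narrow_masked(300));
    printf("checked narrowing of 300:  %d\n", narrow_checked(300));
    printf("check after narrowing passes for 300 into 64 bytes: %s\n",
           length_check_after_narrowing(300, 64) ? "yes" : "no");
    printf("check before narrowing passes for 300 into 64 bytes: %s\n",
           length_check_before_narrowing(300, 64) ? "yes" : "no");
    return 0;
}
```

Compiling with `-Wconversion` (GCC and Clang) makes the compiler report the same implicit narrowing in narrow_implicit and length_check_after_narrowing, which is a useful complement to the static checker during development.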
Related checkers
External guidance
Security training
Application security training materials provided by Secure Code Warrior.