PRECISION.LOSS

Loss of precision

The PRECISION.LOSS checker finds instances in which an implicit cast to a smaller data type can cause a loss of precision in data.

Vulnerability and risk

Depending on the exact circumstances, this situation is potentially exploitable, for instance if it results in a buffer overflow.

Mitigation and prevention

If the loss of precision cast is intentional, the source of the cast should be masked with an appropriate bitmask. For example:

Copy
char c = (i & 0xFF);

Vulnerable code example

Copy
  void foo(int i) {
      char c;
      c = i; 
  }

Klocwork flags line 3, in which there's an implicit cast to a smaller data type, char 'c'.

Related checkers

Security training

Application security training materials provided by Secure Code Warrior.