CWARN.SIGNEDBIT

Signed bit field has only one bit

The CWARN.SIGNEDBIT checker finds instances of a signed bit field that has only one bit.

Vulnerability and risk

Signed bitfields require at least two bits, and the two possible values of the field are -1 and 0. Although it is safe to check a 1-bit signed bitfield for 0, using it as a Boolean flag, other arithmetic operations may yield unexpected results.

Vulnerable code example

1  struct BITS {
2    int n:1;
3  };
4  
5  void foo() {
6    struct BITS b;
7    b.n = 1;
8    if (b.n > 0)    
9    {
10     ...
11   }
12 }

Klocwork flags line 2, in which the 1-bit signed bitfield is defined.