CXX.CAST.SIGNED_CHAR_TO

The CXX.CAST.SIGNED_CHAR_TO_INTEGER checker flags cases where a signed char is assigned or converted to a larger signed integer type.

Vulnerability and risk

Unexpected results including negative values.

Mitigation and prevention

Always cast a signed char to an unsigned char before converting to a larger integer size.

Vulnerable code example

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
  void fun()
  {
      char *c_str="Welcome";
      unsigned char u_ch='K';
      int c;
      char ch = 'A';
 
      long var = ch;
 
     c = *c_str++;

     c = ch;

     if (c == *c_str);

     if (ch <= c);
 }

In this noncompliant example, Klocwork reports a CXX.CAST.SIGNED_CHAR_TO_INTEGER defect on lines 8, 10, 12, 14, and 16 because a signed char is being converted/assigned to a long integer type.

Fixed code example

Copy

1
2
3
4
5
6
7
8
9
10
11
12
13
  void fun()
   {
      char *c_str="Welcome";
      unsigned char u_ch='K';
      int c;
      char ch = 'A';

      c = *c_str++;
 
     c = (unsigned char)*c_str++;

     c = u_ch;
 }

In this fixed example, the char is cast to an unsigned char before it is converted to a larger integer size.

External guidance

CERT STR34-C: Cast characters to unsigned char before converting to larger integer sizes