The function is declared to return an unsigned number but returns a signed value.
It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.
Example: In this example, depending on the return value of accecssmainframe()
, the variable amount
can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount
will be implicitly cast to an unsigned number.
unsigned int readdata () {
int amount = 0;
...
amount = accessmainframe();
...
return amount;
}
accessmainframe()
is -1, then the return value of readdata()
will be 4,294,967,295 on a system that uses 32-bit integers.[1] Standards Mapping - Security Technical Implementation Guide Version 3 - (STIG 3) APP3550 CAT I
[2] Standards Mapping - Common Weakness Enumeration - (CWE) CWE ID 195