Integer overflow

Overflow from operation between integers

expand all in page

Description

This defect occurs when an operation on integer variables can result in values that cannot be represented by the result data type. The data type of a variable determines the number of bytes allocated for the variable storage and constrains the range of allowed values.

The exact storage allocation for different floating point types depends on your processor. See Target processor type (-target).

Risk

Integer overflows on signed integers result in undefined behavior.

Fix

The fix depends on the root cause of the defect. Often the result details show a sequence of events that led to the defect. Use this event list to determine how the variables in the overflowing computation acquire their current values. You can implement the fix on any event in the sequence. If the result details do not show the event history, you can trace back using right-click options in the source code and see previous related events. See also Interpret Bug Finder Results in Polyspace Desktop User Interface.

You can fix the defect by:

  • Using a bigger data type for the result of the operation so that all values can be accommodated.

  • Checking for values that lead to the overflow and performing appropriate error handling.

To avoid overflows in general, try one of these techniques:

  • Keep integer variable values restricted to within half the range of signed integers.

  • In operations that might overflow, check for conditions that can lead to the overflow and implement wrap around or saturation behavior depending on how the result of the operation is used. The result then becomes predictable and can be safely used in subsequent computations.

See examples of fixes below.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See Address Polyspace Results Through Bug Fixes or Justifications.

Examples

expand all

#include <limits.h>

int plusplus(void) {

    int var = INT_MAX;
    var++;             
    return var;
}

In the third statement of this function, the variable var is increased by one. But the value of var is the maximum integer value, so an int cannot represent one plus the maximum integer value.

Correction — Different Storage Type

One possible correction is to change data types. Store the result of the operation in a larger data type (Note that on a 32-bit machine, int and long has the same size). In this example, on a 32-bit machine, by returning a long long instead of an int, the overflow error is fixed.

#include <limits.h>

long long plusplus(void) {

    long long lvar = INT_MAX;
    lvar++;
    return lvar;
}

Result Information

Group: Numerical
Language: C | C++
Default: Off
Command-Line Syntax: INT_OVFL
Impact: Medium
CWE ID: 128, 189, 190, 191, 192

See Also

| |

Topics

Introduced in R2013b

Polyspace Bug Finder Documentation

Support