Details
Bug
Resolution: Invalid
Not Evaluated
None
5.12.1
None
Description
Bug found by Veracode in qflags.h: 68.
Attack Vector: set
Number of Modules Affected: 1
Description: This assignment creates a type mismatch by populating a signed variable with an unsigned value. The unsigned integer will be implicitly cast to a signed integer, converting large positive values into negative ones. If an attacker can control the unsigned value, it may be possible to cause a buffer underwrite, which could occur if the value is used as an index into a buffer or for pointer arithmetic.
Remediation: Do not rely on implicit casts between unsigned and signed values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.