CWE-194
Unexpected Sign Extension
The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.
Status: incomplete
Abstraction: variant
Likelihood: high
Affected Platforms: C, C++
Technical Details
Common Consequences: integrity, confidentiality, availability, other
Impacts: read memory, modify memory, other
Detection Methods: automated static analysis
Potential Mitigations
Phases: implementation
Descriptions:
• Avoid using signed variables if you don't need to represent negative values. When negative values are needed, perform validation after you save those values to larger data types, or before passing them to functions that are expecting unsigned values.
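The conversion from the description and the checks from the mitigation, side by side, as an added example that is not part of the CWE entry. The function names, the 256-byte buffer and the 16-bit length field are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { BUF_SIZE = 256 };   /* assumed destination size */

/* Weak pattern: only the upper bound is checked on the signed value.
 * Returns the count memcpy() would receive; no copy is performed here. */
size_t weak_copy_len(int16_t wire_len)
{
    if (wire_len > BUF_SIZE)       /* -1 passes this check */
        return 0;
    return (size_t)wire_len;       /* sign-extended: -1 becomes SIZE_MAX */
}

/* Mitigation: widen first, validate the widened value (negative and upper
 * bound), and only then hand it to a function that takes an unsigned size.
 * Returns the number of bytes copied, or -1 if the length is rejected. */
int checked_copy(uint8_t *dst, size_t dst_size, const uint8_t *src,
                 int16_t wire_len)
{
    long widened = wire_len;       /* -1 stays -1 in the larger type */
    if (widened < 0 || (size_t)widened > dst_size)
        return -1;
    memcpy(dst, src, (size_t)widened);
    return (int)widened;
}

/* Mitigation: decode the field as unsigned so there is no sign bit to
 * extend. 0xFFFF widens to 65535, which an ordinary bound check catches. */
size_t unsigned_len(const uint8_t field[2])
{
    uint16_t len = (uint16_t)((field[0] << 8) | field[1]);
    return len;
}

int main(void)
{
    uint8_t dst[BUF_SIZE], src[4] = {1, 2, 3, 4};   /* constructed input */
    const uint8_t field[2] = {0xFF, 0xFF};          /* constructed input */
    printf("weak(-1)      = %zu\n", weak_copy_len(-1));
    printf("checked(-1)   = %d\n", checked_copy(dst, sizeof dst, src, -1));
    printf("checked(4)    = %d\n", checked_copy(dst, sizeof dst, src, 4));
    printf("unsigned FFFF = %zu\n", unsigned_len(field));
    return 0;
}
```

The same bit pattern, 0xFFFF, produces SIZE_MAX when it travels through a signed 16-bit variable and 65535 when it is decoded as unsigned, which is why the signedness of the narrow type decides whether a later bound check can work.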