1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
/**
* @name Signed shift
* @description Shifting a negative number is undefined behavior,
* so it is risky to shift a signed number.
* @kind problem
* @problem.severity warning
* @id cpp/signed-shift
* @tags security
* external/cwe/cwe-758
*/
// See the "Bitwise shift operators" section here:
// https://en.cppreference.com/w/cpp/language/operator_arithmetic
import cpp
import semmle.code.cpp.rangeanalysis.SimpleRangeAnalysis
from BinaryBitwiseOperation shift, Expr lhs
where
(shift instanceof LShiftExpr or shift instanceof RShiftExpr) and
lhs = shift.getLeftOperand().getFullyConverted() and
lowerBound(lhs) < 0
select shift,
"This signed shift could cause undefined behavior if the value is negative. Type of lhs: " +
lhs.getType().toString()
|
