[cfe-dev] A need for an "-fsanitize=integer-assign-overflow"
Yury Gribov
y.gribov at samsung.com
Tue Jan 21 01:15:52 PST 2014
Are we talking about signed or unsigned overflows? Both may be useful
but the second isn't UB.
> The question is whether it is worth implementing.
There are some CWEs for it:
* CWE-197: Numeric Truncation Error
(http://cwe.mitre.org/data/definitions/197.html)
* CWE-192: Integer Coercion Error
(http://cwe.mitre.org/data/definitions/192.html)
-Y
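
An added illustration, not part of the original message or of Clang: the value-changing assignments behind the two CWEs listed above, written as explicit range checks in C. The helper names are hypothetical and the inputs in `main` are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helpers (names are illustrative): each stores src into *dst
 * only when the destination type can represent the value exactly. */

/* CWE-197, signed narrowing. An out-of-range conversion to a signed type
 * is implementation-defined in C, so test the range before converting. */
bool assign_i64_to_i32(int64_t src, int32_t *dst)
{
    if (src < INT32_MIN || src > INT32_MAX)
        return false;
    *dst = (int32_t)src;
    return true;
}

/* CWE-197, unsigned narrowing. The conversion is well defined (reduction
 * modulo 256) but still loses the high bits. */
bool assign_u32_to_u8(uint32_t src, uint8_t *dst)
{
    if (src > UINT8_MAX)
        return false;
    *dst = (uint8_t)src;
    return true;
}

/* CWE-192, signed to unsigned at the same width: a negative value would
 * silently become a large positive one. */
bool assign_i32_to_u32(int32_t src, uint32_t *dst)
{
    if (src < 0)
        return false;
    *dst = (uint32_t)src;
    return true;
}

int main(void)
{
    int32_t a = 0; uint8_t b = 0; uint32_t c = 0;   /* constructed inputs below */
    printf("i64->i32 2^31: %s\n", assign_i64_to_i32(INT64_C(2147483648), &a) ? "ok" : "lossy");
    printf("u32->u8  300 : %s (unchecked gives %u)\n",
           assign_u32_to_u8(300u, &b) ? "ok" : "lossy", (unsigned)(uint8_t)300u);
    printf("i32->u32 -1  : %s (unchecked gives %u)\n",
           assign_i32_to_u32(-1, &c) ? "ok" : "lossy", (unsigned)(uint32_t)-1);
    return 0;
}
```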