Result of multiplication cast to wider type

ID: java/integer-multiplication-cast-to-long
Kind: problem
Security severity:
Severity: warning
Precision: very-high
Tags:
- quality
- reliability
- correctness
- types
- external/cwe/cwe-190
- external/cwe/cwe-192
- external/cwe/cwe-197
- external/cwe/cwe-681
Query suites:
- java-code-quality.qls
- java-security-and-quality.qls
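An integer multiplication that is assigned to a variable of type long or returned from a method with return type long may cause unexpected arithmetic overflow, because the multiplication is carried out in int arithmetic and only its result is widened to long.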
Recommendation

Casting to type long before multiplying reduces the risk of arithmetic overflow.
Example

In the following example, the multiplication expression assigned to j causes overflow and results in the value -1651507200 instead of 4000000000000000000.

    int i = 2000000000;
    long j = i * i; // causes overflow

In the following example, the assignment to k correctly avoids overflow by casting one of the operands to type long.

    int i = 2000000000;
    long k = i * (long) i; // avoids overflow
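
The same defect in a more realistic calculation, as an added example that is not part of the original query help: a lifetime given in days is converted to milliseconds. The class name, method names and sample inputs are constructed for illustration. It also shows that casting the finished product is too late, and uses Math.multiplyExact to detect overflow instead of wrapping.

```java
public class WidenBeforeMultiply {
    // 24 * 60 * 60 * 1000 = 86,400,000, which still fits in an int.
    static final int MS_PER_DAY = 24 * 60 * 60 * 1000;

    // The pattern described on this page: int * int is evaluated in 32 bits,
    // and only the (possibly wrapped) result is widened to long on return.
    static long lifetimeWrapped(int days) {
        return days * MS_PER_DAY;
    }

    // Still wrong: the cast is applied to the already-wrapped int product.
    static long lifetimeCastTooLate(int days) {
        return (long) (days * MS_PER_DAY);
    }

    // Correct: one operand is long, so the multiplication is done in 64 bits.
    static long lifetimeWidened(int days) {
        return (long) days * MS_PER_DAY;
    }

    // Detects instead of wrapping: Math.multiplyExact throws
    // ArithmeticException if the long product itself overflows.
    static long lifetimeChecked(long days) {
        return Math.multiplyExact(days, (long) MS_PER_DAY);
    }

    public static void main(String[] args) {
        // Constructed input: 25 * 86,400,000 = 2,160,000,000, which is
        // larger than Integer.MAX_VALUE (2,147,483,647).
        int days = 25;
        System.out.println("int product, widened after: " + lifetimeWrapped(days));
        System.out.println("cast applied to product:    " + lifetimeCastTooLate(days));
        System.out.println("operand widened first:      " + lifetimeWidened(days));
        System.out.println("multiplyExact on longs:     " + lifetimeChecked(days));

        // Constructed input that overflows even 64-bit arithmetic.
        try {
            lifetimeChecked(Long.MAX_VALUE);
        } catch (ArithmeticException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

A wrapped lifetime is negative here, so any expiry or quota check built on it compares against a value in the wrong direction; the widened and checked variants return the intended 2,160,000,000 ms.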
References

J. Bloch and N. Gafter, Java Puzzlers: Traps, Pitfalls, and Corner Cases, Puzzle 3. Addison-Wesley, 2005.
Java Language Specification: Multiplication Operator.
SEI CERT Oracle Coding Standard for Java: NUM00-J. Detect or prevent integer overflow.
Common Weakness Enumeration: CWE-190.
Common Weakness Enumeration: CWE-192.
Common Weakness Enumeration: CWE-197.
Common Weakness Enumeration: CWE-681.