Recommendation¶

Guard against unexpected truncation of user-controlled arithmetic data by doing one of the following:

• Validate the user input.

• Define a guard on the cast expression, so that the cast is performed only if the input is known to be within the range of the resulting type.

• Avoid casting to a narrower type, and instead continue to use a wider type.

Example¶

In this example, a value is read from standard input into along. Because the value is a user-controlled value, it could be extremely large. Casting this value to a narrower type could therefore cause unexpected truncation. Thescaled2 example uses a guard to avoid this problem and checks the range of the input before performing the cast. If the value is too large to cast to typeint it is rejected as invalid.

classTest{publicstaticvoidmain(String[]args)throwsIOException{{longdata;BufferedReaderreaderBuffered=newBufferedReader(newInputStreamReader(System.in,"UTF-8"));StringstringNumber=readerBuffered.readLine();if(stringNumber!=null){data=Long.parseLong(stringNumber.trim());}else{data=0;}// AVOID: potential truncation if input data is very large,// for example 'Long.MAX_VALUE'intscaled=(int)data;//...// GOOD: use a guard to ensure no truncation occursintscaled2;if(data>Integer.MIN_VALUE&&data<Integer.MAX_VALUE)scaled2=(int)data;elsethrownewIllegalArgumentException("Invalid input");}}}

References¶

• SEI CERT Oracle Coding Standard for Java:NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data.

• Common Weakness Enumeration:CWE-197.

• Common Weakness Enumeration:CWE-681.