Shift out of range
ID: js/shift-out-of-range
Kind: problem
Security severity:
Severity: error
Precision: very-high
Tags:
 - quality
 - reliability
 - correctness
 - external/cwe/cwe-197
Query suites:
 - javascript-security-and-quality.qls
Shift operations in JavaScript operate on 32-bit values only, so it is not possible to shift by more than 31 positions. If the right operand of a shift operator is greater than 31, the left operand is actually only shifted by that value modulo 32.
Recommendation
Use standard library functions such as Math.pow to perform the required shifting. Alternatively, you can use the BigInt type if it is available on your platform.
Example
The following code snippet attempts to assign x the value 2⁴⁰ (1099511627776). In fact, however, the left operand 1 is only shifted by 8 (that is, 40 modulo 32), so x ends up being assigned the value 2⁸ (256).
var x = 1 << 40;
A better solution would be to use Math.pow as follows:
var x = Math.pow(2, 40);
Note, however, that JavaScript internally represents large numbers as floating point numbers, so numbers with a magnitude larger than 2⁵³ will be represented imprecisely.
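The following is an added example, not part of the original query help or of CodeQL. It contrasts the native operator with two replacements that follow the recommendation above and reject results that a Number cannot hold exactly. The function names are hypothetical.

```javascript
// Added example: helper names are hypothetical, not from CodeQL or the page.

// What the operator really does: the count is reduced to its low 5 bits,
// and the result is a signed 32-bit integer.
function nativeShiftLeft(value, count) {
  return value << count; // same as value << (count & 31)
}

// Exact left shift for a non-negative safe integer and any non-negative count.
// BigInt shifts do not reduce the count modulo 32; the result is only
// converted back to Number when it is exactly representable.
function shiftLeftExact(value, count) {
  if (!Number.isSafeInteger(value) || value < 0) {
    throw new RangeError("value must be a non-negative safe integer");
  }
  if (!Number.isInteger(count) || count < 0) {
    throw new RangeError("count must be a non-negative integer");
  }
  if (value === 0) {
    return 0;
  }
  // Any non-zero value shifted by more than 52 bits exceeds 2^53 - 1;
  // rejecting early also avoids building a huge BigInt.
  if (count > 52) {
    throw new RangeError("result exceeds 2^53 - 1; keep it as a BigInt");
  }
  const wide = BigInt(value) << BigInt(count);
  if (wide > BigInt(Number.MAX_SAFE_INTEGER)) {
    throw new RangeError("result exceeds 2^53 - 1; keep it as a BigInt");
  }
  return Number(wide);
}

// Math.pow variant from the recommendation, with the precision caveat enforced.
function shiftLeftPow(value, count) {
  const result = value * Math.pow(2, count);
  if (!Number.isSafeInteger(result)) {
    throw new RangeError("result is not exactly representable as a Number");
  }
  return result;
}
```
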
References
Mozilla Developer Network: Bitwise operators.
Common Weakness Enumeration: CWE-197.