Multiplication result converted to larger type¶
ID: cpp/integer-multiplication-cast-to-long
Kind: problem
Security severity: 8.1
Severity: warning
Precision: medium
Tags:
   - reliability
   - security
   - correctness
   - types
   - external/cwe/cwe-190
   - external/cwe/cwe-192
   - external/cwe/cwe-197
   - external/cwe/cwe-681
Query suites:
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls
Click to see the query in the CodeQL repository
This rule finds code that converts the result of an integer multiplication to a larger type. Since the conversion applies after the multiplication, arithmetic overflow may still occur.
The rule flags every multiplication of two non-constant integer expressions that is (explicitly or implicitly) converted to a larger integer type. The conversion is an indication that the expression would produce a result that would be too large to fit in the smaller integer type.
Recommendation¶
Use a cast to ensure that the multiplication is done using the larger integer type to avoid overflow.
Example¶
int i = 2000000000;
long j = i * i; //Wrong: due to overflow on the multiplication between ints, 
                //will result to j being -1651507200, not 4000000000000000000
long k = (long) i * i; //Correct: the multiplication is done on longs instead of ints, 
                       //and will not overflow
long l = static_cast<long>(i) * i; //Correct: modern C++
References¶
- MSDN Library: Multiplicative Operators and the Modulus Operator. 
- Cplusplus.com: Integer overflow. 
- Common Weakness Enumeration: CWE-190. 
- Common Weakness Enumeration: CWE-192. 
- Common Weakness Enumeration: CWE-197. 
- Common Weakness Enumeration: CWE-681.