What language is this for?
Why do you believe it’s a false-positive/false-negative?
Integer overflows are common issues in C/CPP code. They can lead to unexpected behaviour as well as to security issues.
Are you using
How can we reproduce the problem? Give us a self-contained snippet of code (formatted text, no screenshots)
I extended the example and noticed that sint32 over- and underflows are actually detected.
The rule in question would be cpp:S3949. The rule actually also states that the overflow of unsigned leads to wrong values, but the scanner does not detect them.
BTW: also clang does not.
Thank you for reaching out and your patience.
We briefly discussed this rule and identified a few areas that need further clarification and improvements. I’ve recorded the main ones in this ticket: [CPP-4305] - Jira.
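The distinction raised in the thread, as an added example that is not part of the original posts: in C, signed overflow is undefined behaviour, while unsigned arithmetic wraps silently to a wrong value, so both need an explicit check before the operation. The function names are hypothetical and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked unsigned add: defined behaviour, but the result wraps modulo 2^32. */
uint32_t add_u32_wrapping(uint32_t a, uint32_t b) { return a + b; }

/* Unsigned add with a pre-check: refuse instead of wrapping. */
bool add_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) return false;      /* a + b would exceed UINT32_MAX */
    *out = a + b;
    return true;
}

/* Unsigned subtract: going below zero wraps to a very large value. */
bool sub_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a < b) return false;
    *out = a - b;
    return true;
}

/* Unsigned multiply, the usual shape of a count * element_size computation. */
bool mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Signed add: the overflowing operation is undefined behaviour, so the
   test must be done on the operands without performing the addition. */
bool add_s32_checked(int32_t a, int32_t b, int32_t *out) {
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;
    *out = a + b;
    return true;
}

int main(void) {
    uint32_t u = 0;
    int32_t s = 0;
    /* Constructed inputs at the type limits. */
    printf("wrapping UINT32_MAX + 1 = %u\n", (unsigned)add_u32_wrapping(UINT32_MAX, 1u));
    printf("checked  UINT32_MAX + 1 ok? %d\n", add_u32_checked(UINT32_MAX, 1u, &u));
    printf("checked  0u - 1u ok? %d\n", sub_u32_checked(0u, 1u, &u));
    printf("checked  65536 * 65536 ok? %d\n", mul_u32_checked(65536u, 65536u, &u));
    printf("checked  INT32_MAX + 1 ok? %d\n", add_s32_checked(INT32_MAX, 1, &s));
    return 0;
}
```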