Rule S3949 FN: Calculations should not overflow (Bug warning) is not caught by sonar scanner and it is not displayed in the report on SonarQube 8.2 version community edition

I’m using SonarQube sonarqube-8.2.0.32929 community edition, sonar scanner sonar-scanner-msbuild-4.7.1.2311-net46

The warning for the rule S3949: Calculations should not overflow (Category: Bug) is not caught by sonar scanner and it is not displayed in the report.

E.g. analyzing:

/// <title>Calculations should not overflow</title>
/// <summary>
/// Numbers are infinite, but the types that hold them are not. Each numeric type has hard upper and lower bounds. 
/// Try to calculate or assign numbers beyond those bounds, and the result will be a value that has silently wrapped 
/// around from the expected positive value to a negative one, or vice versa.
/// </summary>

namespace SonarQubeToolVerification.Bug.Warnings
{
    public class S3949Warning
    {
        public int getTheNumber(int val)
        {
            if (val <= 0)
            {
                return val;
            }
            int num = int.MaxValue;
            return num + val;  // Noncompliant
        }
    }
}

Expecting the Bug warning:
S3949: Calculations should not overflow
but nothing is displayed in the report.

Any suggestions?

Thank you @mike1970fl03 for reporting this false negative, and sorry for the delay in answering you; it unfortunately slipped under my radar…

The problem comes from the fact that you are using a constant int.MaxValue, and that we do not yet model constants. I created a ticket to add that support.

If you directly use the numeric value, you will see the issue correctly reported.

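The following C# program is an added example, not code from the thread or from the SonarSource analyzer. It places the constant form from the original report (the one the analyzer did not flag at the time) next to the literal form the reply says is reported, and adds a third variant that uses a checked context so the overflow is raised at runtime instead of wrapping silently. Class, method and namespace names are assumptions made for this example.

```csharp
using System;

namespace OverflowExamples
{
    public static class Calculations
    {
        // Variant from the original report: the named constant int.MaxValue.
        // At the time of the thread this was a false negative for S3949.
        public static int AddToMaxUsingConstant(int val)
        {
            if (val <= 0)
            {
                return val;
            }
            int num = int.MaxValue;
            return num + val; // wraps around to a negative value for any val > 0
        }

        // Same computation written with the numeric literal, which the reply
        // says the analyzer reports. The runtime behaviour is identical.
        public static int AddToMaxUsingLiteral(int val)
        {
            if (val <= 0)
            {
                return val;
            }
            int num = 2147483647;
            return num + val; // same silent wraparound
        }

        // Defensive form: a checked context turns the silent wrap into an
        // OverflowException, so the bug surfaces regardless of static analysis.
        public static int AddToMaxChecked(int val)
        {
            if (val <= 0)
            {
                return val;
            }
            int num = int.MaxValue;
            return checked(num + val);
        }
    }

    public static class Program
    {
        public static void Main()
        {
            // Constructed input: 1 is enough to push int.MaxValue past its bound.
            Console.WriteLine("constant form: " + Calculations.AddToMaxUsingConstant(1));
            Console.WriteLine("literal form:  " + Calculations.AddToMaxUsingLiteral(1));
            try
            {
                Calculations.AddToMaxChecked(1);
                Console.WriteLine("checked form: no exception (unexpected)");
            }
            catch (OverflowException ex)
            {
                Console.WriteLine("checked form: overflow detected - " + ex.Message);
            }
        }
    }
}
```

Both unchecked variants print the same wrapped result, which is the point of the reply: the analyzer's gap was in how it modelled the constant, not in how the code behaves. Enabling checked arithmetic project-wide (the `CheckForOverflowUnderflow` compiler option) or wrapping sensitive expressions in `checked(...)` catches the overflow at runtime even where a rule misses it.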

Hi @mike1970fl03,

Thank you for reporting this issue. We’ve added support for constants in this rule. It will be released with Analyzer for C# 8.9.


Thank you Pavel!
