CWE-194

Unexpected Sign Extension

The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.

Mitigation

Phase: Implementation

Description:

Avoid using signed variables if you don't need to represent negative values. When negative values are needed, perform validation after you save those values to larger data types, or before passing them to functions that are expecting unsigned values.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page