Integer coercion refers to a set of flaws pertaining to the
type casting, extension, or truncation of primitive data
types.
Time of Introduction
Implementation
Applicable Platforms
Languages
C
C++
Java
.NET
Common Consequences
Scope: Effect
Availability: Integer coercion often leads to undefined states of
execution resulting in infinite loops or crashes.
Access Control: In some cases, integer coercion errors can lead to
exploitable buffer overflow conditions, resulting in the execution of
arbitrary code.
Integrity: Integer coercion errors result in an incorrect value being
stored for the variable in question.
Likelihood of Exploit
Medium
Demonstrative Examples
Example 1
See the Examples section of the problem type Unsigned to signed
conversion error for an example of integer coercion errors.
Potential Mitigations
Phase: Description
Requirements specification: A language which throws exceptions on
ambiguous data casts might be chosen.
Architecture and Design: Design objects and program flow such that
multiple or complex casts are unnecessary.
Implementation: Ensure that any data type casting that you must use is
entirely understood, in order to reduce the plausibility of error in use.
Other Notes
Several flaws fall under the category of integer coercion errors. For the
most part, these errors in and of themselves result only in availability and
data integrity issues. However, in some circumstances, they may result in
other, more complicated security related flaws, such as buffer overflow
conditions.
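The following C sketch is an added example, not part of the original entry. It shows three common coercions (truncation, sign extension, signed-to-unsigned conversion) next to range-checked alternatives in the spirit of INT31-C. All function names are hypothetical, and the sample values are constructed for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Truncation: a 32-bit length stored in a 16-bit field keeps only the low 16 bits. */
uint16_t truncate_len(uint32_t len) { return (uint16_t)len; }

/* Sign extension: a negative signed char widened to unsigned int becomes a huge value. */
unsigned int widen_byte(signed char b) { return (unsigned int)b; }

/* Weak check: the signed comparison passes for a negative len, which is then
   converted to size_t as it would be at a memcpy call site. Returns the byte
   count that would be copied; no copy is performed here. */
size_t unchecked_copy_len(int len, size_t cap) {
    if (len > (int)cap) return 0;   /* -1 > 16 is false, so -1 gets through */
    return (size_t)len;             /* -1 becomes SIZE_MAX */
}

/* Hardened copy: reject negative and oversized lengths before converting. */
int checked_copy(char *dst, size_t cap, const char *src, int len) {
    if (len < 0 || (size_t)len > cap) return -1;
    memcpy(dst, src, (size_t)len);
    return 0;
}

/* Hardened narrowing: refuse values that do not fit instead of truncating. */
int narrow_len(uint32_t len, uint16_t *out) {
    if (len > UINT16_MAX) return -1;
    *out = (uint16_t)len;
    return 0;
}

int main(void) {
    char buf[16];
    printf("truncate_len(65537)        = %u\n", (unsigned)truncate_len(65537u));
    printf("widen_byte(-1)             = %u\n", widen_byte((signed char)-1));
    printf("unchecked_copy_len(-1, 16) = %zu\n", unchecked_copy_len(-1, sizeof buf));
    printf("checked_copy(len = -1)     = %d\n", checked_copy(buf, sizeof buf, "abc", -1));
    return 0;
}
```

The unchecked variants show how an integrity error (a wrong stored value) turns into an oversized copy length, while the checked variants fail closed before any conversion takes place.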
Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734
Taxonomy Mappings
Mapped Taxonomy Name, Node ID: Mapped Node Name
CLASP: Integer coercion error
CERT C Secure Coding, INT02-C: Understand integer conversion rules
CERT C Secure Coding, INT05-C: Do not use input functions to convert
character data if they cannot handle all possible inputs
CERT C Secure Coding, INT31-C: Ensure that integer conversions do not
result in lost or misinterpreted data
Maintenance Notes
Within C, it might be that "coercion" is semantically different than
"casting", possibly depending on whether the programmer directly specifies
the conversion, or if the compiler does it implicitly. This has implications
for the presentation of this node and others, such as CWE-681, and whether
there is enough of a difference for these nodes to be split.
Content History
Submissions
Submitter: CLASP
Source: Externally Mined
Modifications
Modification Date: 2008-09-08
Modifier: CWE Content Team
Organization: MITRE
Source: Internal
updated Applicable Platforms, Common Consequences, Maintenance Notes,
Relationships, Other Notes, Taxonomy Mappings