• Home
• org.sonarsource.dotnet
• sonar-vbnet-plugin
• 10.6.0.109712
• source code
• S3949.html

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

org.sonar.plugins.vbnet.S3949.html Maven / Gradle / Ivy

Why is this an issue?
Numbers are infinite, but the types that hold them are not. Each numeric type has hard upper and lower bounds. Try to calculate numbers beyond
those bounds, and the result will be an OverflowException. When the compilation is configured to remove integer overflow checking, the
value will be silently wrapped around from the expected positive value to a negative one, or vice versa.
Noncompliant code example
Public Function Transform(Value As Integer) As Integer
    If Value <= 0 Then Return Value
    Dim Number As Integer = Integer.MaxValue
    Return Number + Value       ' Noncompliant
End Function

Compliant solution
Public Function Transform(Value As Integer) As Long
    If Value <= 0 Then Return Value
    Dim Number As Long = Integer.MaxValue
    Return Number + Value
End Function

Resources
Standards

  
 STIG Viewer - Application Security and
  Development: V-222612 - The application must not be vulnerable to overflow attacks.