Details
-
Bug
-
Resolution: Invalid
-
P1: Critical
-
None
-
5.12.1
-
None
Description
Bug found by Veracode in qfutureinterface.h: 246.
Attack Vector: set
Number of Modules Affected: 1
Description: This assignment creates a type mismatch by populating an unsigned variable with a signed value. The signed integer will be implicitly cast to an unsigned integer, converting negative values into positive ones. If an attacker can control the signed value, it may be possible to trigger a buffer overflow if the value specifies the length of a memory write.
Remediation: Do not rely on implicit casts between signed and unsigned values because the result can take on an unexpected value and violate weak assumptions made elsewhere in the program.