CVE-2024-36618: C Int64 Increment Signed Overflow


Provally Curated | Public repository | Medium | Medium confidence | Verified | Apache-2.0 | C | β

`greprules fetch cve-2024-36618-c-int64-increment-signed-overflow --engine opengrep`

Description

Incrementing an `int64_t` variable that counts up towards `INT64_MAX` with an undersized literal such as `1LU` produces undefined behavior. On platforms where `ULONG_MAX < INT64_MAX` (e.g., Windows LLP64), `1LU` is a 32-bit unsigned value, so the usual arithmetic conversions turn the operation into a signed 64-bit addition rather than an unsigned one. Once the variable reaches `INT64_MAX`, that increment is a signed integer overflow.
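Added example (not code from the rule page or the affected project): it reports which type the usual arithmetic conversions pick for `int64_t + 1LU` on the compiling platform, and shows a hardened increment that drops the mixed-type literal and refuses to step past `INT64_MAX`. The helper names (`checked_increment`, `increment_is_signed`) are assumptions of this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Type the usual arithmetic conversions pick for `int64_t + 1LU`.
 * LP64 (Linux, macOS): unsigned long is 64-bit, so the int64_t converts to
 * an unsigned 64-bit type and the sum wraps (defined behavior).
 * LLP64 (Windows): unsigned long is 32-bit and long long can hold all its
 * values, so the sum is a signed long long and INT64_MAX + 1LU is UB. */
#define ARITH_TYPE_NAME(expr) _Generic((expr),   \
    unsigned long:      "unsigned long",         \
    unsigned long long: "unsigned long long",    \
    long long:          "long long",             \
    default:            "other")

const char *increment_result_type(void) {
    int64_t x = 0;
    return ARITH_TYPE_NAME(x + 1LU);
}

/* True when `int64_t + 1LU` is a signed addition on this platform, i.e.
 * when unsigned long is narrower than int64_t (the LLP64 case). */
bool increment_is_signed(void) {
    return sizeof(unsigned long) < sizeof(int64_t);
}

/* Hardened increment (hypothetical helper): no mixed-type literal, and the
 * INT64_MAX edge is checked first, so no platform reaches undefined
 * behavior. Returns false and leaves *counter unchanged at the limit. */
bool checked_increment(int64_t *counter) {
    if (*counter == INT64_MAX)
        return false;
    *counter += 1;  /* int promoted to int64_t: signed and in range */
    return true;
}

/* Self-check: from INT64_MAX - 1, one step succeeds, the next is refused. */
bool checked_increment_demo(void) {
    int64_t c = INT64_MAX - 1;
    return checked_increment(&c) && c == INT64_MAX
        && !checked_increment(&c) && c == INT64_MAX;
}

int main(void) {
    printf("int64_t + 1LU is computed as: %s\n", increment_result_type());
    printf("signed addition on this platform: %s\n", increment_is_signed() ? "yes" : "no");
    printf("checked increment ok: %s\n", checked_increment_demo() ? "yes" : "no");
    return 0;
}
```

On an LP64 build the first line reports an unsigned 64-bit type (the wrap is defined there); an LLP64 build reports `long long`, which is the signed addition the rule flags.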