Read Time:1 Minute, 11 Second
Description
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.
Modes of Introduction:
– Implementation
Likelihood of Exploit: Low
Related Weaknesses
CWE-681
CWE-681
CWE-681
CWE-195
CWE-196
CWE-192
CWE-194
Consequences
Integrity: Modify Memory
The true value of the data is lost and corrupted data is used.
Potential Mitigations
Phase: Implementation
Description:
Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive.
CVE References
- CVE-2009-0231
- Integer truncation of length value leads to heap-based buffer overflow.
- CVE-2008-3282
- Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.
