Comprehensive Categorization: Incorrect Calculation

The product divides a value by zero.

An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected ...

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

The product processes a real number with an implementation in which the number's representation does not preserve required accuracy and precision in its fractional par...

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the o...

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the co...

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.

The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...