SFP Secondary Cluster: Glitch in Computation

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

This category identifies Software Fault Patterns (SFPs) within the Glitch in Computation cluster (SFP1).

Weaknesses

Assigning instead of Comparing

The code uses an operator for assignment when the intention was to perform a comparison.

Assignment of a Fixed Address to a Pointer

The software sets a pointer to a specific address other than NULL or 0.

Comparison of Classes by Name

The program compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.

Divide By Zero

The product divides a value by zero.

Expression is Always False

The software contains an expression that will always evaluate to false.

Expression is Always True

The software contains an expression that will always evaluate to true.

Function Call With Incorrect Argument Type

The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.

Function Call With Incorrect Number of Arguments

The software calls a function, procedure, or routine, but the caller specifies too many arguments, or too few arguments, which may lead to undefined behavior and resul...

Function Call With Incorrect Order of Arguments

The software calls a function, procedure, or routine, but the caller specifies the arguments in an incorrect order, leading to resultant weaknesses.

Function Call With Incorrect Variable or Reference as Argument

The software calls a function, procedure, or routine, but the caller specifies the wrong variable or reference as one of the arguments, which may lead to undefined beh...

Function Call With Incorrectly Specified Argument Value

The software calls a function, procedure, or routine, but the caller specifies an argument that contains the wrong value, which may lead to resultant weaknesses.

Function Call with Incorrectly Specified Arguments

The product calls a function, procedure, or routine with arguments that are not correctly specified, leading to always-incorrect behavior and resultant weaknesses.

Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting va...

Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Incorrect Short Circuit Evaluation

The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to ...

Incorrect Type Conversion or Cast

The software does not correctly convert an object, resource, or structure from one type to a different type.

Integer Overflow or Wraparound

The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the ...

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the co...

J2EE Bad Practices: Non-serializable Object Stored in Session

The application stores a non-serializable object as an HttpSession attribute, which can hurt reliability.

J2EE Framework: Saving Unserializable Objects to Disk

When the J2EE container attempts to write unserializable objects to disk there is no guarantee that the process will complete successfully.

Missing Initialization of a Variable

The software does not initialize critical variables, which causes the execution environment to use unexpected values.

Numeric Truncation Error

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

Return of Pointer Value Outside of Expected Range

A function can return a pointer to memory that is outside of the buffer that the pointer is expected to reference.

Return of Stack Variable Address

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

Signed to Unsigned Conversion Error

The software uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not b...

Undefined Behavior for Input to API

The behavior of this function is undefined unless its control parameter is set to a specific value.

Unexpected Sign Extension

The software performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative,...

Unsigned to Signed Conversion Error

The software uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not...

Use of Incorrect Operator

The programmer accidentally uses the wrong operator, which changes the application logic in security-relevant ways.

Use of Pointer Subtraction to Determine Size

The application subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory ch...

Use of Uninitialized Variable

The code uses a variable that has not been initialized, leading to unpredictable or unintended results.

Use of Wrong Operator in String Comparison

The product uses the wrong operator when comparing a string, such as using "==" when the equals() method should be used instead.

Wrap-around Error

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Concepts

Software Fault Pattern (SFP) Clusters

CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs).


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.