CWARN.SIGNEDBIT
Signed bit field has only one bit
The CWARN.SIGNEDBIT checker finds instances of a signed bit field that has only one bit.
Vulnerability and risk
Signed bitfields require at least two bits, and the two possible values of the field are -1 and 0. Although it is safe to check a 1-bit signed bitfield for 0, using it as a Boolean flag, other arithmetic operations may yield unexpected results.
Vulnerable code example
1 struct BITS { 2 int n:1; 3 }; 4 5 void foo() { 6 struct BITS b; 7 b.n = 1; 8 if (b.n > 0) 9 { 10 ... 11 } 12 }
Klocwork flags line 2, in which the 1-bit signed bitfield is defined.