[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation

### Query PR

https://github.com/github/codeql/pull/8247

### Language

C/C++

### CVE(s) ID list

[CVE-2021-43618](https://nvd.nist.gov/vuln/detail/CVE-2021-43618)

### CWE

CWE-190: Integer Overflow or Wraparound

### Report

1. in integer overflow, signed or unsigned.
2. when the multiplication result overflows, we can get truncated data, which can lead to problems when using the result. (pointer offset, memory allocation).
3. The query is looking for an explicit late conversion that would have happened anyway.
4. The subsequent transformation makes the detection either a security error detection or a stylistic error detection.

### Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

- [X] Yes
- [ ] No

### Blog post link

https://twitter.com/ihsinme/status/1501068796202782725

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation #550

Query PR

Language

CVE(s) ID list

CWE

Report

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

[CPP]: Add query for CWE-190: Integer Overflow or Wraparound when using transform after operation #550

Description

Query PR

Language

CVE(s) ID list

CWE

Report

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

Blog post link

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions