CodeQL documentation

Implicit downcast from bitfield

ID: cpp/implicit-bitfield-downcast
Kind: problem
Severity: warning
Precision: high
Tags:
   - reliability
   - correctness
   - types
Query suites:
   - cpp-security-and-quality.qls


A bitfield may be unintentionally truncated when implicitly cast to an integer type storing fewer bits. This can lead to inaccurate iteration or allocation when the bitfield is used to count elements of a data structure, or to loss of information stored in the upper portion of the bitfield.


Use the bitfield with a wider integer type, or use an explicit cast if the truncation is intended.


In the following example, a bitfield is accessed both through a method that truncates it and through direct field access. The truncated value sizes the allocation while the untruncated field bounds the for loop, which results in a buffer overflow in the for loop.

#include <limits.h>
#include <stdlib.h>

typedef struct {
	unsigned int x : 24;
} my_struct;

unsigned short getX(my_struct s) {
	return s.x; //BAD: implicit truncation
}

unsigned int getXGood(my_struct s) {
	return s.x; //GOOD: no truncation
}

int main (int argc, char **argv) {
	my_struct s;
	s.x = USHRT_MAX + 1;
	int* array = calloc(sizeof(int), getX(s)); //BAD: buffer allocated is smaller than intended
	for (int i = 0; i < s.x; i++) {
		array[i] = i; //writes past the end of the undersized buffer
	}

	int* array2 = calloc(sizeof(int), getXGood(s)); //GOOD
	for (int i = 0; i < s.x; i++) {
		array2[i] = i;
	}
}
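
The following code is an added example, not part of the CodeQL query help. It applies the recommendation to the same my_struct: an explicit cast where truncation is intended, a range check where it is not, and a single size_t count used for both the allocation and the loop bound. The names make_count, narrow_unchecked, narrow_checked and alloc_indexed are hypothetical.

```c
#include <limits.h>
#include <stdlib.h>

typedef struct {
	unsigned int x : 24;	/* same 24-bit counter as in the example above */
} my_struct;

/* Hypothetical helper: build a my_struct holding count v. */
my_struct make_count(unsigned int v) {
	my_struct s;
	s.x = v;
	return s;
}

/* Intended truncation: the explicit cast makes it visible in review. */
unsigned short narrow_unchecked(my_struct s) {
	return (unsigned short)s.x;
}

/* Checked narrowing: returns 0 and stores the value if it fits,
   returns -1 and leaves *out untouched if it would be truncated. */
int narrow_checked(my_struct s, unsigned short *out) {
	if (s.x > USHRT_MAX)
		return -1;
	*out = (unsigned short)s.x;
	return 0;
}

/* Allocation size and loop bound both come from one size_t copy of the
   field. Returns NULL on a zero count or failed calloc; caller frees. */
int *alloc_indexed(my_struct s, size_t *n_out) {
	size_t n = s.x;
	int *array = (n != 0) ? calloc(n, sizeof *array) : NULL;
	*n_out = (array != NULL) ? n : 0;
	for (size_t i = 0; i < *n_out; i++)
		array[i] = (int)i;
	return array;
}

int main(void) {
	my_struct s = make_count(USHRT_MAX + 1u);
	unsigned short small;
	size_t n;
	int *array = alloc_indexed(s, &n);
	int rejected = narrow_checked(s, &small);
	free(array);
	return (rejected == -1 && n == (size_t)s.x) ? 0 : 1;
}
```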