CodeQL documentation

Result of multiplication cast to wider type

ID: java/integer-multiplication-cast-to-long
Kind: problem
Security severity: 
Severity: warning
Precision: very-high
Tags:
   - reliability
   - correctness
   - types
   - external/cwe/cwe-190
   - external/cwe/cwe-192
   - external/cwe/cwe-197
   - external/cwe/cwe-681
Query suites:
   - java-security-and-quality.qls


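An integer multiplication that is assigned to a variable of type long or returned from a method with return type long may cause unexpected arithmetic overflow. The multiplication is performed in the operands' narrower integer type, and only its result, which may already have overflowed, is widened to long.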

Recommendation

Casting one of the operands to type long before multiplying reduces the risk of arithmetic overflow.

Example

In the following example, the multiplication expression assigned to j causes overflow and results in the value -1651507200 instead of 4000000000000000000.

int i = 2000000000;
long j = i*i; // causes overflow

In the following example, the assignment to k correctly avoids overflow by casting one of the operands to type long.

int i = 2000000000;
long k = i*(long)i; // avoids overflow
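
The following added example (not part of the CodeQL documentation or query) goes beyond the two snippets above to show where the cast has to sit: casting the finished product does not help, and in a chained multiplication the first operand must be widened. The class name, method names and the days-to-milliseconds scenario are hypothetical.

```java
// Added illustration; class and method names are hypothetical.
public class WideningMultiply {

    // Pattern from the example above: both operands are int, so the product
    // wraps to 32 bits and only the wrapped value is widened to long.
    static long intProduct(int a, int b) {
        return a * b;
    }

    // Ineffective fix: the cast applies to the already-overflowed int result.
    static long castAfter(int a, int b) {
        return (long) (a * b);
    }

    // Effective fix: one operand is long, so the multiplication is 64-bit.
    static long castBefore(int a, int b) {
        return (long) a * b;
    }

    // Left-to-right evaluation: days * 86_400 is still an int multiplication,
    // so it can overflow before the long operand 1000L is reached.
    static long millisLateCast(int days) {
        return days * 86_400 * 1000L;
    }

    // Widening the first operand keeps every step in 64-bit arithmetic.
    static long millisEarlyCast(int days) {
        return (long) days * 86_400 * 1000L;
    }

    public static void main(String[] args) {
        int i = 2000000000;
        System.out.println("int product:   " + intProduct(i, i));
        System.out.println("cast after:    " + castAfter(i, i));
        System.out.println("cast before:   " + castBefore(i, i));

        int days = 30_000; // constructed sample value
        System.out.println("late cast ms:  " + millisLateCast(days));
        System.out.println("early cast ms: " + millisEarlyCast(days));

        // Math.multiplyExact throws instead of silently wrapping.
        try {
            Math.multiplyExact(i, i);
        } catch (ArithmeticException e) {
            System.out.println("multiplyExact: " + e.getMessage());
        }
    }
}
```

Where an overflow should be treated as an error rather than avoided by widening, Math.multiplyExact makes the failure explicit.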
