V5308. OWASP. Possible overflow. The expression will be evaluated before casting. Consider casting one of the operands instead.
The analyzer has detected a suspicious type casting. The result of a binary operation is cast to a type with a large range.
Consider the example:
long multiply(int a, int b) {
return (long)(a * b);
}
Such conversion is redundant. The 'int' type automatically expands to the 'long' type.
A similar casting pattern can be used to avoid overflow, but the pattern is incorrect. The multiplication of the 'int' type variables still leads to overflow. The meaningless multiplication result is explicitly expanded to the 'long' type.
To protect against overflow correctly, cast one of the arguments to the 'long' type. Here's the fixed code:
long multiply(int a, int b) {
return (long)a * b;
}