shared × unstructured — bad data written permanently, and it spreads

Signed/Unsigned Conversion Poisons a Shared Aggregate

A value that can be negative is converted to unsigned before being folded into a shared, contended total -- the conversion turns it into a huge positive number that permanently skews the aggregate.

01the recipe

In the wild

compound ofType Errors in Dynamic LanguagesCWE-195 Signed/Unsigned ConversionResource ContentioncompoundCWE-682 Incorrect Calculation

example.c

// SMELL: a signed delta cast to unsigned before joining a shared counter.
// (type errors x resource contention)
int delta = price_after - price_before;   // can be negative
shared_total += (size_t)delta;            // -5 -> ~1.8e19; the total is garbage
// many writers contend on shared_total; one negative delta poisons it for all.

// RIGHT: keep signedness consistent end to end; aggregate as signed.
long long delta = price_after - price_before;
shared_total += delta;                    // negatives subtract correctly

Casting a legitimately-negative value to an unsigned type implicitly maps it to a huge positive number (CWE-195); folded into a shared running total under contention, that one conversion produces an incorrect calculation (CWE-682) every reader of the aggregate now inherits -- permanent, not a crash. Keep the numeric type signed (and wide enough) from input through aggregation.

// observed

unsigned: one negative delta -> the shared total jumps by ~1.8e19, forever
right: signed aggregation -> negatives subtract correctly; the total stays valid

02weakness catalog

Mapped weaknesses (CWE)

On its own, this defect is catalogued by MITRE as one or more of these weaknesses. The exploitable vulnerability usually appears only when it chains or combines with another.