Merge pull request #21 from trailofbits/implicit-conv-finish

Implicit conversions - polished

Author: GrosQuildu

cpp/src/security/UnsafeImplicitConversions/UnsafeImplicitConversions.qhelp

@@ -6,20 +6,29 @@
 <p>
 Integer variables may be implicitly casted to a type of different size and signedness.
 If the variable is casted to a type of smaller bit-size or different signedness without a proper bound checking, 
-then the casting may silently truncate the variable's value or make it semantically meaningless.
+then the casting may silently change the variable's value or make it semantically meaningless.
 
-This query finds implicit casts that cannot be proven to be safe. 
+Since implicit casts are introduced by the compiler, developers may be not aware of them and the compiled code
+may behave incorrectly aka may have bugs. 
+
+This query finds implicit casts that cannot be proven to be safe.
+Safe means that the input value is known to fit into destination type aka the value won't change.
 </p>
 
 </overview>
 <recommendation>
-<p>Either change variables types to avoid implicit conversions or verify that converting highlighted variables is always safe.</p>
+<p>
+Either adjust types of problematic variables to avoid implicit conversions,
+make the code validate that converting the variables is safe,
+or add explicit conversions that would make the compiler avoid introducing implicit ones.
+</p>
 
 </recommendation>
 <example>
 <sample src="UnsafeImplicitConversions.cpp" />
 
-<p>In this example, the call to <code>malloc_wrapper</code> may silently truncate <code>large</code> variable, and so the allocated buffer will be of smaller size than the <code>test</code> function expects.</p>
+<p>In this example, the call to <code>malloc_wrapper</code> may silently truncate <code>large</code> variable
+so that the allocated buffer will be of smaller size than the <code>test</code> function expects.</p>
 </example>
 
 </qhelp>