Revision as of 18:39, 22 February 2017 edit 128.68.49.67 (talk) →Origin ← Previous edit		Revision as of 08:06, 23 February 2017 edit undo 128.68.49.67 (talk) No edit summary Next edit →
Line 3: [[Image:Odometer rollover.jpg\|thumb\|250px\|[[Odometer]] rollover, a mechanical form of integer overflow. All digits are set to the maximum 9 and the next increment of the white digit causes a cascade of carry-over additions setting all digits to 0, but there is no higher digit to change to a 1, so the counter resets to zero. This is ''wrapping'' in contrast to ''saturating''.]] In [[computer programming]], an '''integer overflow''' occurs when an [[arithmetic]] operation attempts to create a numeric value that is outside of the range that can be represented ~~within~~with ~~the~~a ~~available~~given ~~storage~~number ~~space~~of bits - either larger than the maximum ~~representable value,~~ or lower than the minimum representable value. The most common result of an overflow is that the least significant representable bits of the result are stored; the result is said to ''wrap''. On some processors like [[graphics processing unit]]s (GPUs) and [[digital signal processor]]s (DSPs), the result [[saturation arithmetic\|saturates]]; that is, once the maximum value is reached, any attempt to increase it always returns the maximum integer value. Line 16: * 128 bits: maximum representable value 2<sup>128</sup> − 1 = 340,282,366,920,938,463,463,374,607,431,768,211,455 When an arithmetic operation produces a result larger than the maximum above, an integer overflow reduces the result to [[modulo operation\|modulo]] of the maximum possible value, retaining only the least significant bits and effectively causing a ''wrap around'';. Multiplying or adding two integers may result in a value that is unexpectedly small, and subtracting from a small ~~value~~integer may ~~also~~ cause a wrap to a large positive value (for example, 8-bit integer addition 255 + 1 results in 0, which is {{math\|256 mod 255}}, and similarly subtraction 0 - 1 results in 255, a [[two's complement]] representation of -1). {{anchor\|Security ramifications}} ~~Multiplying~~Such orwrap ~~adding two integers~~around may ~~result~~cause insecurity aproblems ~~value~~- ~~that~~if isan ~~unexpectedly~~overflown ~~small. If this number~~value is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow and arbitrary code execution.▼ If the variable has a [[Signed number representations\|signed integer]] type, a program may make the assumption that a variable always contains a positive value. An integer overflow can cause the value to wrap and become negative, which violates the program's assumption and may lead to unexpected behavior (for example, 8-bit integer addition of 127 + 1 results in -128, a two's complement of 128).▼ ▲If the variable has a [[Signed number representations\|signed integer]] type, a program may make the assumption that a variable always contains a positive value. An integer overflow can cause the value to wrap and become negative, which violates the program's assumption and may lead to unexpected behavior (for example, 8-bit integer addition of 127 + 1 results in -128, a two's complement of 128). ▲Multiplying or adding two integers may result in a value that is unexpectedly small. If this number is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow. ==Methods to mitigate integer overflow problems==

Integer overflow: Difference between revisions