→Security ramifications: improve style of the mitigation paragraph |
move programming languages mitigation to Mitigations section, add AddressSanitizer |
Line 44:
In some situations, a program may make the assumption that a variable always contains a positive value. If the variable has a signed integer type, an overflow can cause its value to wrap and become negative. This overflow violates the program's assumption and may lead to unintended behavior. Similarly, subtracting from a small unsigned value may cause it to wrap to a large positive value which may also be an unexpected behavior. Multiplying or adding two integers may result in a value that is non-negative, but unexpectedly small. If this number is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow.
Programming languages implement various mitigation techniques against an accidental overflow: [[Ada (programming language)|Ada]], [[Seed7]] (and certain variants of functional languages), trigger an exception condition on overflow, while [[Python (programming language)|Python]] seamlessly converts internal representation of the number to match its growth, eventually representing it as <code>long</code> whose capability is only limited by the available memory.<ref>[https://www.python.org/doc/1.4/ref/ref5.html Python documentation], section 5.1 Arithmetic conversions.</ref> (This occurred in Python 2.4.)<ref>[https://www.python.org/dev/peps/pep-0237/ Python Enhancement Proposal 237]</ref>▼
==Techniques for mitigating integer overflow problems==
▲Programming languages implement various mitigation techniques against an accidental overflow: [[Ada (programming language)|Ada]], [[Seed7]] (and certain variants of functional languages), trigger an exception condition on overflow, while [[Python (programming language)|Python]] (since 2.4) seamlessly converts internal representation of the number to match its growth, eventually representing it as <code>long</code> whose capability is only limited by the available memory.<ref>[https://www.python.org/doc/1.4/ref/ref5.html Python documentation], section 5.1 Arithmetic conversions.
Run-time overflow detaction implementation <code>AddressSanitizer</code> is also available for [[C compiler]]s.
{{main|AddressSanitizer}}
List of techniques and methods that might be used to mitigate the consequences of integer overflow:
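Review bot: The added sentence "Run-time overflow detaction implementation <code>AddressSanitizer</code> is also available for [[C compiler]]s." names the wrong tool, and the <code>{{main|AddressSanitizer}}</code> hatnote under it inherits the problem. AddressSanitizer detects memory errors such as out-of-bounds accesses and use-after-free; run-time integer overflow checks in GCC and Clang come from UndefinedBehaviorSanitizer (for example <code>-fsanitize=signed-integer-overflow</code>). As written, the sentence only covers the downstream buffer overflow described in the Security ramifications paragraph, not the integer overflow itself, so either link UndefinedBehaviorSanitizer or reword to say ASan catches the resulting out-of-bounds access. "detaction" should be "detection". In the moved Python sentence, the first <code>&lt;ref&gt;</code> is no longer closed and the PEP 237 reference was dropped, which leaves the new "(since 2.4)" wording cited only to the Python 1.4 documentation; restore the closing <code>&lt;/ref&gt;</code> and the PEP 237 citation. A <code>{{main}}</code> hatnote normally sits directly under the section heading rather than after body text.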