Integer overflow: Difference between revisions

m Reverted edits by 36.75.123.179 (talk) to last version by Finlay McWalter
Line 30:
Such wraparound may cause security problems—if an overflowed value is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, potentially leading to a buffer overflow which, depending on the usage of the buffer, might in turn cause arbitrary code execution.
 
If the variable has a [[Signed number representations|signed integer]] type, a program may make the assumption that a variable always contains a positive value. An integer overflow can cause the value to wrap and become negative, which violates the program's assumption and may lead to unexpected behavior (for example, 8-bit integer addition of 127 + 1 results in −128, a two's complement of 128). (A solution for this particular problem is to use unsigned integer types for values that a program expects and assumes will never be negative.)
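The two failure modes described above, shown side by side with a checked form of each. This is an added example, not part of the article; the function names and the sample element count are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked byte count: the product wraps modulo 2^32. */
uint32_t alloc_size_unchecked(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Checked byte count: 0 on success, -1 if the product would wrap. */
int alloc_size_checked(uint32_t count, uint32_t elem_size, uint32_t *out) {
    if (elem_size != 0 && count > UINT32_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Allocate count elements, refusing requests whose size wraps. */
void *alloc_table(uint32_t count, uint32_t elem_size) {
    uint32_t bytes;
    if (alloc_size_checked(count, elem_size, &bytes) != 0)
        return NULL;
    return malloc(bytes ? bytes : 1);
}

/* 8-bit two's-complement wraparound, computed on unsigned values so the
   arithmetic is well defined; the final narrowing to int8_t is
   implementation-defined before C23 and wraps on mainstream compilers. */
int8_t add8_wrapping(int8_t a, int8_t b) {
    return (int8_t)(uint8_t)((uint8_t)a + (uint8_t)b);
}

/* Checked 8-bit addition: widen, then range-check before narrowing. */
int add8_checked(int8_t a, int8_t b, int8_t *out) {
    int wide = (int)a + (int)b;
    if (wide < INT8_MIN || wide > INT8_MAX)
        return -1;
    *out = (int8_t)wide;
    return 0;
}

int main(void) {
    uint32_t count = 0x40000001u;   /* constructed sample input */
    printf("unchecked size: %u bytes\n", (unsigned)alloc_size_unchecked(count, 4));
    printf("checked alloc:  %s\n", alloc_table(count, 4) ? "allocated" : "rejected");
    printf("127 + 1 wraps to %d\n", add8_wrapping(127, 1));
    return 0;
}
```

With the unchecked size, a request for 0x40000001 four-byte elements yields a 4-byte buffer, which is the undersized allocation the text warns about.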
 
==Flags==
Line 53 ⟶ 51:
 
The term underflow is most commonly used for floating-point math and not for integer math.<ref>[[Arithmetic underflow]]</ref>
However, many references to integer underflow can be found.<ref>{{cite web|url=https://cwe.mitre.org/data/definitions/191.html|title=CWE - CWE-191: Integer Underflow (Wrap or Wraparound) (3.1)|website=cwe.mitre.org}}</ref><ref>{{cite web|url=https://dzone.com/articles/overflow-and-underflow-data|title=Overflow And Underflow of Data Types in Java - DZone Java|website=dzone.com}}</ref><ref>{{cite web|url=https://medium.com/@taabishm2/integer-overflow-underflow-and-floating-point-imprecision-6ba869a99033|title=Integer Overflow/Underflow and Floating Point Imprecision.|first=Tabish|last=Mir|date=4 April 2017|website=medium.com}}</ref><ref>{{cite web|url=https://www.mozilla.org/en-US/security/advisories/mfsa2015-147/|title=Integer underflow and buffer overflow processing MP4 metadata in libstagefright|website=Mozilla}}</ref><ref>{{cite web|url=https://developer.apple.com/library/content/documentation/Security/Conceptual/SecureCodingGuide/Articles/BufferOverflows.html#//apple_ref/doc/uid/TP40002577-SW7|title=Avoiding Buffer Overflows and Underflows|website=developer.apple.com}}</ref>
When the term integer underflow is used,
it means the ideal result was closer to minus infinity
Line 121 ⟶ 119:
| first = Abhishek | last = Reddy
| date = 2008-08-22
}}</ref><ref>{{Cite book|authorlink=Benjamin C. Pierce |last=Pierce |first=Benjamin C. |title=Types and Programming Languages |publisher=MIT Press |year=2002 |isbn=0-262-16209-1 |url=http://www.cis.upenn.edu/~bcpierce/tapl/}}</ref><ref>{{Cite journal|last=Wright |first=Andrew K. |author2=[[Matthias Felleisen]] |title=A Syntactic Approach to Type Soundness |journal=Information and Computation |volume=115 |issue=1 |pages=38–94 |year=1994 |url=http://citeseer.ist.psu.edu/wright92syntactic.html |doi=10.1006/inco.1994.1093}}</ref><ref>{{Cite journal|last=Macrakis |first=Stavros |title=Safety and power |journal=ACM SIGSOFT Software Engineering Notes |volume=7 |issue=2 |pages=25–26 |date=April 1982 |url=http://portal.acm.org/citation.cfm?id=1005937.1005941 |format=requires subscription |doi=10.1145/1005937.1005941}}</ref>
 
Java 8 provides overloaded methods, such as {{Javadoc:SE|member=addExact(int, int)|java/lang|Math|addExact(int,int)}}, which throw {{Javadoc:SE|java/lang|ArithmeticException}} in case of overflow.
Line 144 ⟶ 142:
Microsoft / IBM MACRO Assembler (MASM) Version 1.00, and likely all other programs built by the same Pascal compiler, had an integer overflow and signedness error in the stack setup code, which prevented them from running on newer DOS machines or emulators under some common configurations with more than 512 KB of memory. The program either hangs or displays an error message and exits to DOS.<ref>{{cite web|url=https://slions.net/threads/debugging-the-ibm-personal-computer-macro-assembler-masm-version-1-00.33/|title=Debugging IBM MACRO Assembler Version 1.00|last=Lenclud|first=Christophe}}</ref>
 
In 2014, the music video for [[PSY]]'s [[Gangnam Style]] received so many views on [[YouTube]] that it breached the [[Gangnam Style#Miscellaneous|maximum possible viewership number]] within a signed 32-bit integer. YouTube subsequently amended the maximum count to a 64-bit integer.
 
In August 2016, a casino machine at Resorts World Casino printed a prize ticket of $42,949,672.76 as a result of an overflow bug. The casino refused to pay this amount, calling it a malfunction and arguing in its defense that the machine clearly stated that the maximum payout was $10,000, so any prize higher than that had to be the result of a programming bug. The Iowa Supreme Court ruled in favor of the casino.<ref>{{cite web|url=https://arstechnica.com/tech-policy/2017/06/sorry-maam-you-didnt-win-43m-there-was-a-slot-machine-malfunction|title=Sorry ma'am you didn't win $43M – there was a slot machine 'malfunction'|first=David|last=Kravets|date=June 15, 2017|website=Ars Technica}}</ref>