In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code.
Origin
Integer numbers are frequently used in computer programs on all types of systems, since integer math operations are able to be executed quickly even on systems that do not have integrated floating-point math capabilities.
The size of the number able to be stored (and the size of the possible result) is based on the register width of the processor on which the code is to be executed. Common binary sizes for integers include 8 bits, 16 bits, 32 bits (the most common width as of 2005), 64 bits, and 128 bits.
Since a math operation may give a result larger than the available register width, an error condition may result. The ISO C99 standard (also known as printed standard ISO/IEC 9899:1999 (E)) defines the behavior of software compilers. However, this standard defines the appropriate behavior for the integer overflow case to be "undefined behavior." Different compilers may treat this error condition in various ways, including ignoring the overflow completely, and simply returning the smallest or largest portion of the result (depending on whether the system is little endian or big endian).
This can also occur if the processor has a register width capable of storing the result, but the result is stored into a variable that is too small to store the entire result.
A third possibility is that a signed integer is being used. In such a case, the overflow could not only result in an incorrect value being returned, but that the value may be reported incorrectly as an unexpectedly negative or positive value.
Security Ramifications
Integer overflows do not generally lead to exploitable conditions. However, on systems where the result is simply stored, and no error is returned (this is the general case), it may not be possible for the software to determine that the value stored is erroneous. If an integer value is used to specify the ___location of other code or variable values in memory, the resulting pointer error may be exploited to create a buffer overflow condition or to write and execute arbitrary (and possibly harmful) code to the resulting (and unexpected) position.