Wikipedia

Integer overflow

This is an old revision of this page, as edited by Pragma~enwiki (talk | contribs) at 09:16, 8 June 2006 (See also). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code.

Origin

Integer arithmetics are frequently used in computer programs on all types of systems, since floating-point operations may incur higher overhead (depending on processor capabilities).

The register width of the processor determines the native type of integer and the range of operand values. Typical binary sizes for integers include 8 bits, 16 bits, 32 bits (the most common width as of 2005), 64 bits, and 128 bits.

Since a math operation may give a result larger than the available register width, an error condition may result. The ISO C99 standard (also known as printed standard ISO/IEC 9899:1999 (E)) gives a formal specification for the C language. It classifies integer overflows as undefined behavior. Arithmetic on unsigned integers, however, is guaranteed never to overflow (this is apart from division by zero and other pitfalls). Unsigned integers are reduced modulo a power of two, meaning they "wrap around".

Ordinarily, signed and unsigned integers are used almost interchangeably (both wrap); the compiler will prefer non-trapping arithmetic even if trap-generating instructions are available. This has to do with execution speed and code optimization. For example, the expression "x+32760+y+5" can not be optimized as "x+y+32765" if overflows are trapped -- for some values of x and y, their behavior will differ.

Thus, in the most common case, integer values correspond to machine word, are stored in two's-complement format, have no padding bits, and silently wrap around when there is an overflow. This way, adding two positive integers will produce a negative result upon overflow.

However, it is also possible for an integer overflow to be treated as a fatal condition. In any case, a strictly conforming C program must take care to avoid potential overflows.

Security ramifications

Integer overflows do not generally lead to exploitable conditions. However, on systems where the result is simply stored, and no error is returned (this is the general case), it may not be possible for the software to determine that the value stored is erroneous. If an integer value is used to specify the ___location of other code or variable values in memory, the resulting pointer error may be exploited to create a buffer overflow condition or to write and execute arbitrary (and possibly harmful) code to the resulting (and unexpected) position.

See also

  • Phrack #60, Basic Integer Overflows
  • Phrack #60, Big Loop Integer Protection
  • "Black Hat Multimedia: Deep Knowledge USA 2002, Professional Source Code Auditing (Microsoft Powerpoint)". Retrieved July 01. {{cite web}}: Check date values in: |accessdate= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help)
  • "Black Hat Multimedia: Deep Knowledge USA 2002, Professional Source Code Auditing (Real Media Video)". Retrieved July 01. {{cite web}}: Check date values in: |accessdate= (help); Unknown parameter |accessyear= ignored (|access-date= suggested) (help) (use rtsp protocol)
Retrieved from "https://en.wikipedia.org/w/index.php?title=Integer_overflow&oldid=57505995"