Integer overflow

This is an old revision of this page, as edited by 17.202.44.59 (talk) at 22:44, 28 November 2006 (Security ramifications). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space, for instance when adding 1 to the largest value that can be represented. The most common result in these cases is for the least significant representable bits of the result to be stored (the result is said to wrap). On some processors the result saturates: once the maximum value is reached, attempts to make it larger simply return the maximum result.

Origin

The register width of the processor determines the range of values that can be represented. Typical binary register widths include:

8 bits (maximum representable value 255),
16 bits (maximum representable value 65,535),
32 bits (the most common width for personal computers as of 2005, maximum representable value 4,294,967,295),
64 bits (maximum representable value 18,446,744,073,709,551,615),
128 bits.

Since an arithmetic operation may produce a result larger than the maximum representable value, a potential error condition may result. In the C programming language, for example, signed integer overflow causes undefined behavior, whereas arithmetic on unsigned integers is reduced modulo a power of two, meaning that unsigned integers "wrap around" on overflow.

Diagram that illustrates wrapping behavior of integer representation.

In computer graphics or signal processing, it is typical to work on data that ranges from 0 to 1 or from -1 to 1. An example of this is a grayscale image where 0 represents black, 1 represents white, and values in between represent varying shades of gray. One operation that you may want to support is brightening the image by multiplying every pixel by a constant. Saturated arithmetic allows you to multiply every pixel by that constant without worrying about overflow, because the outcome is a reasonable one: all pixels larger than 1 (i.e. "brighter than white") just become white and all values "darker than black" just become black.

Security ramifications

In some cases a program may be expecting a variable to always hold a positive value. If its value wraps to become negative, the program may behave in unintended ways.

Another common security issue arises when the amount of memory to allocate wraps to an unexpectedly small value, which may lead to a heap buffer overflow.
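
The following C code is an added example, not part of the original article: it shows an allocation size wrapping to a small value and a check that refuses such a request, plus a pre-check for signed addition. The function names are hypothetical and the element count is a constructed sample.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: size_t is unsigned, so the product is reduced modulo
 * SIZE_MAX + 1 and a huge count can yield a tiny byte total. */
size_t unchecked_total(size_t count, size_t elem_size) {
    return count * elem_size;
}

/* Checked: returns 0 and stores the product, or -1 if it would wrap. */
int checked_total(size_t count, size_t elem_size, size_t *out) {
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical allocation wrapper: refuses any request whose size wraps. */
void *alloc_array(size_t count, size_t elem_size) {
    size_t total;
    if (checked_total(count, elem_size, &total) != 0)
        return NULL;
    return malloc(total);
}

/* Signed overflow is undefined behavior in C, so the range test must
 * happen before the addition, never after it. */
int checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

int main(void) {
    size_t count = SIZE_MAX / 16 + 2; /* constructed sample: 16 * count wraps */
    int sum;
    void *p = alloc_array(count, 16);
    printf("unchecked byte total: %zu\n", unchecked_total(count, 16));
    printf("alloc_array: %s\n", p ? "allocated" : "refused");
    printf("INT_MAX + 1: %s\n",
           checked_add_int(INT_MAX, 1, &sum) ? "refused" : "ok");
    free(p);
    return 0;
}
```

With the unchecked product, a caller would receive a 16-byte buffer while believing it holds SIZE_MAX / 16 + 2 elements, which is the heap buffer overflow condition described above.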

See also

  • Phrack #60, Basic Integer Overflows
  • Phrack #60, Big Loop Integer Protection
  • Integer overflow full definition and additional information available at SearchAppSecurity.com
  • "Black Hat Multimedia: Deep Knowledge USA 2002, Professional Source Code Auditing (Microsoft Powerpoint)". Retrieved July 01.
  • "Black Hat Multimedia: Deep Knowledge USA 2002, Professional Source Code Auditing (Real Media Video)". Retrieved July 01. (use rtsp protocol)