Integer overflow
Overview
In computer programming, an integer overflow occurs when an arithmetic operation produces a result that lies outside the range the destination integer type can represent. The bits that do not fit are silently discarded, so the stored value is wrong. When such a value is later used as a length, size, or index, it may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful, code.
Origin
Integers are used frequently in computer programs on all types of systems, since integer arithmetic executes quickly even on processors that have no floating-point hardware.
The range of values an integer variable can hold (and therefore the largest result a calculation on it can represent) depends on the width of the integer type, which is usually tied to the register width of the processor on which the code is to be executed. Common binary widths for integers are 8 bits, 16 bits, 32 bits (the most common width as of 2005), 64 bits, and 128 bits.
Since an arithmetic operation may produce a result wider than the available bits, an error condition may result. The ISO C99 standard (published as ISO/IEC 9899:1999 (E)) specifies the behaviour a conforming compiler must implement. For unsigned integers it defines the result of overflow as wrapping modulo 2^N, where N is the width of the type: the low-order N bits of the true result are kept and the high-order bits are discarded. For signed integers the standard leaves overflow as "undefined behavior", so different compilers may treat the condition in various ways, including wrapping the value in the same way, trapping, or assuming the overflow cannot happen and optimising on that assumption (for example, removing a check that could only fail if the value had wrapped). Which bits survive is determined by the width of the type, not by the endianness of the processor; endianness affects only the order in which the bytes of a value are laid out in memory.
The same thing can occur when the processor register is wide enough to hold the result, but the result is then stored into a variable of a narrower type: the conversion discards the high-order bits (truncation) and keeps only the low-order bits that fit.
Security Ramifications
Integer overflows do not by themselves corrupt memory, and many are harmless. However, on systems where the wrapped or truncated result is simply stored and no error is raised (the general case), the software has no way to determine that the stored value is wrong. If that value is then used as a length, an allocation size, an array index, or a pointer offset, a bounds check written in terms of the overflowed value may pass even though the true value is far out of range, and the subsequent copy or write becomes a buffer overflow that overwrites data or code at an unexpected position, possibly permitting the execution of arbitrary (and potentially harmful) code.
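The following C program, added here as an illustration and not code from the original article or any cited paper, shows the three mechanisms the text describes side by side: an unsigned 32-bit addition wrapping inside a bounds check, a count-times-size multiplication wrapping into a small allocation size, and a length truncated by storing it into a 16-bit variable. The buffer size, message fields, and input values are constructed for the example; the vulnerable functions only report whether a check would have passed, so nothing is actually written out of bounds.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed buffer size for the example. */
#define BUF_SIZE 256u

/* Vulnerable bounds check: with 32-bit unsigned operands the sum
 * offset + len wraps modulo 2^32, so a huge offset compares as small.
 * Returns 1 if the check would accept the write (memcpy(buf + offset,
 * src, len) would follow), 0 if it rejects it. */
int write_at_vulnerable(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    if (offset + len > buf_size)
        return 0;
    return 1;
}

/* Hardened check: rearranged so that no intermediate value can wrap.
 * After the first test, buf_size - len cannot underflow. */
int write_at_safe(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    if (len > buf_size || offset > buf_size - len)
        return 0;
    return 1;
}

/* Vulnerable allocation size: count * elem_size computed in 32 bits.
 * The product wraps to a small number while a copy loop driven by
 * count would still iterate count times. */
uint32_t alloc_size_vulnerable(uint32_t count, uint32_t elem_size)
{
    return count * elem_size;
}

/* Portable test for multiplication overflow in size_t. On GCC and
 * Clang, __builtin_mul_overflow(a, b, &out) gives the same answer. */
int mul_overflows(size_t a, size_t b)
{
    return b != 0 && a > SIZE_MAX / b;
}

/* Hardened allocation size: refuses the request instead of wrapping. */
int alloc_size_safe(size_t count, size_t elem_size, size_t *out)
{
    if (mul_overflows(count, elem_size))
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Truncation: a 32-bit length stored into a 16-bit variable keeps only
 * the low 16 bits, so any later check against short_len is meaningless. */
uint16_t truncated_len(uint32_t len)
{
    uint16_t short_len = len;   /* high-order bits discarded here */
    return short_len;
}

int main(void)
{
    /* Constructed attacker-controlled values. */
    uint32_t offset = 0xFFFFFFF0u, len = 0x20u;
    printf("offset + len wraps to 0x%08x\n", offset + len);
    printf("vulnerable check: %s\n",
           write_at_vulnerable(offset, len, BUF_SIZE) ? "accepted" : "rejected");
    printf("safe check:       %s\n",
           write_at_safe(offset, len, BUF_SIZE) ? "accepted" : "rejected");

    uint32_t count = 0x40000001u, elem = 4u;   /* 2^30 + 1 elements of 4 bytes */
    printf("count * elem wraps to %u bytes\n", alloc_size_vulnerable(count, elem));
    size_t bytes;
    if (alloc_size_safe(count, elem, &bytes))
        printf("safe: %zu bytes needed\n", bytes);   /* fits in a 64-bit size_t */
    else
        printf("safe: multiplication overflow rejected\n"); /* 32-bit size_t */

    printf("len 0x%08x truncated to 0x%04x\n", 0x00010010u, truncated_len(0x00010010u));
    return 0;
}
```

The rearranged check in write_at_safe is the usual idiom: compare each operand against the bound before combining them, so every intermediate stays within the type. Note that on a 64-bit build the multiplication 0x40000001 * 4 fits in size_t and alloc_size_safe accepts it; it is the 32-bit product, not the 64-bit one, that wraps.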
See also
- Buffer management
- computer security
- heap overflow
- Memory debugger
- Pointer swizzling
- Secure operating systems
- Security focused operating systems
- shellcodes
- Software testing
- Splint
- Static code analysis
- strcpy
- strcat
External links
- Phrack #60, Basic Integer Overflows
- Phrack #60, Big Loop Integer Protection
- Black Hat Multimedia: Deep Knowledge USA 2002, Professional Source Code Auditing (Microsoft PowerPoint presentation): http://www.blackhat.com/presentations/bh-usa-02/bh-us-02-iss-sourceaudit.ppt
- Black Hat Multimedia: Deep Knowledge USA 2002, Professional Source Code Auditing (RealMedia video): rtsp://media-1.datamerica.com/blackhat/bh-usa-02/video/BH-USA-02-DOWD-HERATH-MEHTA-FLAKE.rm