How To Recognize Integer Overflow Vulnerabilities

From Guidance Share
Jump to navigationJump to search

Integer overflows can be complicated and difficult to detect. The following example is an attempt to show how an integer overflow may lead to undefined looping behavior: 

short int bytesRec = 0;
char buf[SOMEBIGNUM];
while(bytesRec < MAXGET) {
bytesRec += getFromInput(buf+bytesRec);
}

In the above case, it is possible that bytesRec may overflow, continuously creating a lower number than MAXGET and also overwriting the first MAXGET-1 bytes of buf.

Retrieved from "http://guidanceshare.com/index.php?title=How_To_Recognize_Integer_Overflow_Vulnerabilities&oldid=4186"