Security Coding Module

Integer Error – “You Can’t Count That High” – CS1

Summary:

Integer values that are too large or too small may fall outside the allowable range for their data type, leading to undefined behavior that can both reduce the robustness of your code and lead to security vulnerabilities.

Description:

Declaring a variable as type int allocates a fixed amount of space in memory. Most languages include several integer types, including short, int, long, etc., to allow for less or more storage. The amount of space allocated limits the range of values that can be stored. For example, a 32-bit int variable can hold values from -2^31 through 2^31-1.

Input or mathematical operations such as addition, subtraction, and multiplication may lead to values that are outside of this range. This results in an integer error or overflow, which causes undefined behavior, and the resulting value will likely not be what the programmer intended. Integer overflow is a common cause of software errors and vulnerabilities.
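As an added example (this is not part of the module's own material), the following C++ program prints the actual range of each integer type on the compiler it is built with, then shows two of the failure modes just described: a 16-bit counter that silently wraps once it passes 65535, and a 32-bit signed seconds-since-epoch value that cannot hold 2^31. The wraparound is demonstrated with an unsigned type because unsigned arithmetic wraps modulo 2^n by definition, whereas signed overflow in C++ is undefined behavior and cannot be demonstrated reliably. The names count_events and fits_in_int32 are this example's own, not anything from the module.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>

// Added example: query the real range of each integer type on this compiler
// instead of assuming it. std::numeric_limits is the portable way to do so.
template <typename T>
void print_limits(const char* name) {
    // Unary + promotes char-sized types so they print as numbers, not characters.
    std::cout << name << ": " << +std::numeric_limits<T>::min()
              << " .. " << +std::numeric_limits<T>::max() << '\n';
}

// A 16-bit event counter in the spirit of the crew-change counter described
// above (hypothetical; not the airline's code). Unsigned arithmetic wraps
// modulo 2^16, so after 65535 the count silently returns to 0.
std::uint16_t count_events(unsigned long events) {
    std::uint16_t counter = 0;
    for (unsigned long i = 0; i < events; ++i) {
        ++counter;   // wraps to 0 after 65535
    }
    return counter;
}

// The Year 2038 case: seconds since the epoch stored in a 32-bit signed integer
// cannot represent 2^31 or more. Returns true only if the value fits.
bool fits_in_int32(long long seconds_since_epoch) {
    return seconds_since_epoch >= std::numeric_limits<std::int32_t>::min() &&
           seconds_since_epoch <= std::numeric_limits<std::int32_t>::max();
}

int main() {
    print_limits<signed char>("signed char");
    print_limits<short>("short");
    print_limits<int>("int");
    print_limits<unsigned int>("unsigned int");
    print_limits<long>("long");
    print_limits<std::size_t>("size_t");

    std::cout << "70000 events in a 16-bit counter: " << count_events(70000) << '\n';
    std::cout << "2^31 seconds fits in int32? " << fits_in_int32(2147483648LL) << '\n';
    return 0;
}
```

The printed limits are the ones to trust for the machine you are on; the counter and epoch checks show why a type that is "big enough today" needs an explicit bound check rather than an assumption.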

Risk – How Can It Happen?

An integer error can lead to unexpected behavior or may be exploited to cause a program crash, corrupt data, or allow the execution of malicious software.

Example of Occurrence:

1. There is a Facebook group called “If this group reaches 4,294,967,296 it might cause an integer overflow.” This value is the largest number that can fit in a 32 bit unsigned integer. If the number of members of the group exceeded this number, it might cause an overflow. Whether it will cause an overflow or not depends upon how Facebook is implemented and which language is used – they might use data types that can hold larger numbers. In any case, the chances of an overflow seem remote, as roughly 2/3 of the people on earth would be required to reach the goal of more than 4 billion members.

2. On December 25, 2004, Comair airlines was forced to ground 1,100 flights after its flight crew scheduling software crashed. The software used a 16-bit integer (max 32,768) to store the number of crew changes. That number was exceeded due to bad weather that month, which led to numerous crew reassignments.

3. Many Unix operating systems store time values in 32-bit signed (positive or negative) integers, counting the number of seconds since midnight on January 1, 1970. On Tuesday, January 19, 2038, this value will overflow, becoming a negative number. Although the impact of this problem in 2038 is not yet known, there are concerns that software that projects out to future dates – including tools for mortgage payment and retirement fund distribution – might face problems long before then. Source: “Year 2038 Problem”



Code Responsibly – How Can I Avoid Integer Error?

1. Know your limits: Familiarize yourself with the ranges available for each data type. Since the size of C++ data types is compiler and machine dependent, it is a good idea to run the following program to show you the limits of each variable type.

2. Choose your data types carefully: Many programming languages include multiple data types for storing integer values. If you have any concerns about the integer values that you will be using, learn about the options available in the language you are using, and choose integer types that are large enough to hold the values you will be using. One useful strategy for reducing integer errors is to declare any variable that is used to represent the size of an object, including integer values used as sizes, indices, loop counters, and lengths, as size_t. The size_t type is the unsigned integer type that the sizeof operator returns.

3. Validate your input: Check input for ranges and reasonableness before conducting operations. (More on this in future modules.)
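The three practices above come together in the following C++ example, added here and not taken from the module: each arithmetic operation checks its operands against the type's limits before computing, a size computation uses size_t with a wrap check, and string input is parsed and range-checked before it is used. Because signed overflow is undefined behavior in C++, the check is done on the operands ahead of time rather than on the result afterwards. The function and struct names (checked_add, checked_mul_size, parse_in_range, IntResult, SizeResult, ParseResult) and the sample inputs in main are this example's own constructions.

```cpp
#include <cstddef>
#include <initializer_list>
#include <iostream>
#include <limits>
#include <stdexcept>
#include <string>

// Added example, not the module's own code. Every operation validates its
// operands against the type's limits *before* computing, so the result can
// never leave the representable range.

struct IntResult { bool ok; int value; };

IntResult checked_add(int a, int b) {
    const int hi = std::numeric_limits<int>::max();
    const int lo = std::numeric_limits<int>::min();
    if (b > 0 && a > hi - b) return {false, 0};   // a + b would exceed max
    if (b < 0 && a < lo - b) return {false, 0};   // a + b would go below min
    return {true, a + b};
}

struct SizeResult { bool ok; std::size_t value; };

// size_t is unsigned, so a product that wraps is well-defined but still wrong:
// a buffer sized from count * elem_size would come out far too small.
SizeResult checked_mul_size(std::size_t count, std::size_t elem_size) {
    if (elem_size != 0 &&
        count > std::numeric_limits<std::size_t>::max() / elem_size) {
        return {false, 0};                        // product would wrap
    }
    return {true, count * elem_size};
}

struct ParseResult { bool ok; long long value; };

// Input validation: accept only a complete decimal number within [lo, hi].
// std::stoll throws on non-numeric text and on values that do not fit in a
// long long; both are reported as a rejected input rather than a crash.
ParseResult parse_in_range(const std::string& text, long long lo, long long hi) {
    try {
        std::size_t consumed = 0;
        long long v = std::stoll(text, &consumed);
        if (consumed != text.size()) return {false, 0};  // trailing junk, e.g. "12abc"
        if (v < lo || v > hi) return {false, 0};         // outside the reasonable range
        return {true, v};
    } catch (const std::exception&) {                    // invalid_argument or out_of_range
        return {false, 0};
    }
}

int main() {
    IntResult sum = checked_add(std::numeric_limits<int>::max(), 1);
    std::cout << "max + 1 ok? " << sum.ok << '\n';            // 0: rejected, no overflow

    SizeResult bytes = checked_mul_size(std::numeric_limits<std::size_t>::max() / 2, 4);
    std::cout << "huge allocation ok? " << bytes.ok << '\n';  // 0: would wrap

    // Constructed sample inputs, e.g. a crew-change count typed into a form,
    // validated against a 16-bit signed range before any arithmetic.
    for (const char* in : {"120", "12abc", "99999999999", "-5"}) {
        ParseResult r = parse_in_range(in, 0, 32767);
        std::cout << '"' << in << "\" -> " << (r.ok ? "accepted" : "rejected") << '\n';
    }
    return 0;
}
```

Returning an ok flag alongside the value forces the caller to handle the failure case explicitly; the alternative of returning a sentinel such as -1 is easy to forget to check and is itself a valid value in many ranges.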

Laboratory Assignment

1. Type* the program under the ‘know your limits’ section above. Compile and run (You may see warnings about unused variables. Ignore these for now, they will be fixed later).

2. Examine the output. What is the largest possible integer value? What is the largest possible short integer?

3. Type* the lines below into the program.

cout > ch;

cout > us;

cout ................
................
