Information about Integer Overflow
In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. For instance, adding 1 to the largest value that can be represented constitutes an integer overflow. The most common result in these cases is for the least significant representable bits of the result to be stored (the result is said to wrap). On some processors the result saturates, that is once the maximum value is reached attempts to make it larger simply return the maximum result.
Since an arithmetic operation may produce a result larger than the maximum representable value, a potential error condition may result. In the C programming language, signed integer overflow causes undefined behavior, while unsigned integer overflow causes the number to be reduced modulo a power of two, meaning that unsigned integers "wrap around" on overflow.
In computer graphics or signal processing, it is typical to work on data that ranges from 0 to 1 or from -1 to 1. An example of this is a grayscale image where 0 represents black, 1 represents white, and values in-between represent varying shades of gray. One operation that one may want to support is brightening the image by multiplying every pixel by a constant. Saturated arithmetic allows one to just blindly multiply every pixel by that constant without worrying about overflow by just sticking to a reasonable outcome that all these pixels larger than 1 (i.e. "brighter than white") just become white and all values "darker than black" just become black.
Some languages, such as Lisp and Ada, provide mechanisms that, if used, result in accidental overflow triggering an exception condition (interrupt?). Many languages do not support such functionality.
Origin
The register width of a processor determines the range of values that can be represented. Typical binary register widths include:- 8 bits (maximum representable value 255),
- 16 bits (maximum representable value 65,535),
- 32 bits (the most common width for personal computers as of 2005, maximum representable value 4,294,967,295),
- 64 bits (maximum representable value 18,446,744,073,709,551,615),
- 128 bits (maximum representable value approx. 1038 — actually, 2128 - 1)
Since an arithmetic operation may produce a result larger than the maximum representable value, a potential error condition may result. In the C programming language, signed integer overflow causes undefined behavior, while unsigned integer overflow causes the number to be reduced modulo a power of two, meaning that unsigned integers "wrap around" on overflow.
In computer graphics or signal processing, it is typical to work on data that ranges from 0 to 1 or from -1 to 1. An example of this is a grayscale image where 0 represents black, 1 represents white, and values in-between represent varying shades of gray. One operation that one may want to support is brightening the image by multiplying every pixel by a constant. Saturated arithmetic allows one to just blindly multiply every pixel by that constant without worrying about overflow by just sticking to a reasonable outcome that all these pixels larger than 1 (i.e. "brighter than white") just become white and all values "darker than black" just become black.
Security ramifications
In some situations a program may make the assumption that a variable always contains a positive value. If the variable has a signed integer type an overflow can cause its value to wrap and become negative, violating the assumption contained in the program and perhaps leading to unintended behavior. Similarly, subtracting from a small unsigned value may cause it to wrap to a large positive value which may also be an unexpected behavior. Multiplying or adding two integers may result in a value that is non-negative, but unexpectedly small. If this number is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow.Some languages, such as Lisp and Ada, provide mechanisms that, if used, result in accidental overflow triggering an exception condition (interrupt?). Many languages do not support such functionality.
Techniques for mitigating integer overflow problems
List of techniques and methods that might be used to mitigate against the consequences of integer overflow:- The effects of integer-based attacks for C/C++ and how to defend against them by using subtyping in Efficient and Accurate Detection of Integer-based Attacks.
See also
- Arithmetic overflow
- SIGFPE
- Buffer overflow
- Heap overflow
- Stack buffer overflow
- Pointer swizzling
- Software testing
- Static code analysis
External links
- Phrack #60, Basic Integer Overflows
- Phrack #60, Big Loop Integer Protection
- How to implement efficiently in C
Computer programming (often shortened to programming or coding) is the process of writing, testing, and maintaining the source code of computer programs. The source code is written in a programming language.
..... Click the link for more information.
..... Click the link for more information.
Arithmetic or arithmetics (from the Greek word αριθμός = number) is the oldest and most elementary branch of mathematics, used by almost everyone, for tasks ranging from simple day-to-day counting to advanced science and business
..... Click the link for more information.
..... Click the link for more information.
Processor may refer to:
..... Click the link for more information.
- Central processing unit, the part of a computer that interprets instructions
- Manuscripts processor, one who arranges and describes manuscripts collections
- Microprocessor, a part of a microcomputer
..... Click the link for more information.
Saturation arithmetic is a version of arithmetic in which all operations such as addition and multiplication are limited to a fixed range between a minimum and maximum value.
..... Click the link for more information.
..... Click the link for more information.
In computer architecture, a processor register is a small amount of storage available on the CPU whose contents can be accessed more quickly than storage available elsewhere.
..... Click the link for more information.
..... Click the link for more information.
Processor may refer to:
..... Click the link for more information.
- Central processing unit, the part of a computer that interprets instructions
- Manuscripts processor, one who arranges and describes manuscripts collections
- Microprocessor, a part of a microcomputer
..... Click the link for more information.
binary numeral system, or base-2 number system, is a numeral system that represents numeric values using two symbols, usually 0 and 1. More specifically, the usual base-2 system is a positional notation with a radix of 2.
..... Click the link for more information.
..... Click the link for more information.
20th century - 21st century - 22nd century
1970s 1980s 1990s - 2000s - 2010s 2020s 2030s
2002 2003 2004 - 2005 - 2006 2007 2008
2005 by topic:
News by month
Jan - Feb - Mar - Apr - May - Jun
..... Click the link for more information.
1970s 1980s 1990s - 2000s - 2010s 2020s 2030s
2002 2003 2004 - 2005 - 2006 2007 2008
2005 by topic:
News by month
Jan - Feb - Mar - Apr - May - Jun
..... Click the link for more information.
C
The C Programming Language, Brian Kernighan and Dennis Ritchie, the original edition that served for many years as an informal specification of the language.
..... Click the link for more information.
The C Programming Language, Brian Kernighan and Dennis Ritchie, the original edition that served for many years as an informal specification of the language.
..... Click the link for more information.
In computer science, undefined behavior is a feature of some programming languages — most famously C. In these languages, to simplify the specification and allow some flexibility in implementation, the specification leaves the results of certain operations specifically
..... Click the link for more information.
..... Click the link for more information.
Modular arithmetic (sometimes called modulo arithmetic, or clock arithmetic) is a system of arithmetic for integers, where numbers "wrap around" after they reach a certain value — the modulus.
..... Click the link for more information.
..... Click the link for more information.
Computer graphics is a sub-field of computer science and is concerned with digitally synthesizing and manipulating visual content. Although the term often refers to three-dimensional computer graphics, it also encompasses two-dimensional graphics and image processing.
..... Click the link for more information.
..... Click the link for more information.
Signal processing is the analysis, interpretation and manipulation of signals. Signals of interest include sound, images, biological signals such as ECG, radar signals, and many others.
..... Click the link for more information.
..... Click the link for more information.
In computing, a grayscale or greyscale digital image is an image in which the value of each pixel is a single sample. Displayed images of this sort are typically composed of shades of gray, varying from black at the weakest intensity to white at the strongest, though in
..... Click the link for more information.
..... Click the link for more information.
Saturation arithmetic is a version of arithmetic in which all operations such as addition and multiplication are limited to a fixed range between a minimum and maximum value.
..... Click the link for more information.
..... Click the link for more information.
pixel (short for picture element, using the common abbreviation "pix" for "pictures") is a single point in a graphic image. Each such information element is not really a dot, nor a square, but an abstract sample.
..... Click the link for more information.
..... Click the link for more information.
In computer graphics and photography, high dynamic range imaging (HDRI) is a set of techniques that allows a far greater dynamic range of exposures (i.e. a large range of values between light and dark areas) than normal digital imaging techniques.
..... Click the link for more information.
..... Click the link for more information.
Lisp
Paradigm: multi-paradigm: functional, procedural, reflective
Appeared in: 1958
Designed by: John McCarthy
Developer: Steve Russell, Timothy P. Hart, and Mike Levin
Typing discipline: dynamic, strong
Dialects: Common Lisp, Scheme, Emacs Lisp
..... Click the link for more information.
Paradigm: multi-paradigm: functional, procedural, reflective
Appeared in: 1958
Designed by: John McCarthy
Developer: Steve Russell, Timothy P. Hart, and Mike Levin
Typing discipline: dynamic, strong
Dialects: Common Lisp, Scheme, Emacs Lisp
..... Click the link for more information.
Ada
Paradigm: multi-paradigm: concurrent, distributed, generic-programming, imperative, object-oriented
Appeared in: 1983, last revised 2005
Designed by: Jean Ichbiah, extended
by S.
..... Click the link for more information.
Paradigm: multi-paradigm: concurrent, distributed, generic-programming, imperative, object-oriented
Appeared in: 1983, last revised 2005
Designed by: Jean Ichbiah, extended
by S.
..... Click the link for more information.
The term arithmetic overflow or simply overflow has the following meanings.
..... Click the link for more information.
- In a digital computer, the condition that occurs when a calculation produces a result that is greater in magnitude than what a given register or storage location can store or represent.
..... Click the link for more information.
SIGFPE
Description: Erroneous arithmetic operation
Default action: Abnormal termination of the process
SA_SIGINFO macros
..... Click the link for more information.
Description: Erroneous arithmetic operation
Default action: Abnormal termination of the process
SA_SIGINFO macros
FPE_INTDIV Integer divide by zeroFPE_INTOVF Integer overflowFPE_FLTDIV..... Click the link for more information.
buffer overflow, or buffer overrun, is a programming error which may result in a memory access exception and program termination, or in the event of the user being malicious, a possible breach of system security.
..... Click the link for more information.
..... Click the link for more information.
A heap overflow is another type of buffer overflow that occurs in the heap data area. Memory on the heap is dynamically allocated by the application at run-time and typically contains program data.
..... Click the link for more information.
..... Click the link for more information.
stack buffer overflow occurs when a program accesses a memory address on the program's call stack outside of the intended data structure; usually a fixed length buffer.[1][2]
..... Click the link for more information.
..... Click the link for more information.
In computer science, pointer swizzling is the conversion of references based on name or position to direct pointer references. It is typically performed during the deserialization (loading) of a relocatable object from disk, such as an executable file or pointer-based data
..... Click the link for more information.
..... Click the link for more information.
Software development process
Activities and steps
Requirements | Architecture | Implementation | Testing | Deployment
Models
Agile | Cleanroom | Iterative | RAD | RUP | Spiral | Waterfall | XP
Supporting disciplines
..... Click the link for more information.
Activities and steps
Requirements | Architecture | Implementation | Testing | Deployment
Models
Agile | Cleanroom | Iterative | RAD | RUP | Spiral | Waterfall | XP
Supporting disciplines
..... Click the link for more information.
Static code analysis is the analysis of computer software that is performed without actually executing programs built from that software (analysis performed on executing programs is known as dynamic analysis).
..... Click the link for more information.
..... Click the link for more information.
This article is copied from an article on Wikipedia.org - the free encyclopedia created and edited by online user community. The text was not checked or edited by anyone on our staff. Although the vast majority of the wikipedia encyclopedia articles provide accurate and timely information please do not assume the accuracy of any particular article. This article is distributed under the terms of GNU Free Documentation License.
Herod_Archelaus
