integer overflow
Summary
Premise
- code performs arithmetic assuming numbers fit in types without checks
- assumption that a < (a + 1) is always true
Attack
- choose inputs so that the arithmetic result exceeds the range of the type and wraps
Attacker’s goals
- trigger out-of-bounds writes/reads -> integrity
- bypass size checks -> execution integrity
Defense
- perform explicit overflow-safe checks before the arithmetic, e.g. check count <= SIZE_MAX / sizeof(struct) before computing count * sizeof(struct)
- use wide integer types for intermediate calculations
- use safe allocation helpers that check for overflow
- static analysis and fuzzing to detect edge cases
Concept
Integer overflow
- result of arithmetic operation exceeds the range of the data type
- signed overflow: undefined behaviour in C, the compiler may assume it never happens and drop checks that depend on it
- unsigned overflow: defined as wraparound modulo 2^n, so the value silently wraps to a small number
Application
Unsigned overflow (4-bit)
Bypass size checks
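Added example (not from the original notes) covering both application points above: 4-bit unsigned wraparound, and a size check bypassed because count * sizeof(struct) wraps in 32-bit arithmetic, next to the hardened form using the count <= SIZE_MAX / sizeof(struct) check from the Defense list. The record type, the 1 MiB policy cap and the function names are assumptions made for illustration. Signed overflow is not exercised at runtime because it is undefined behaviour in C.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <limits.h>

/* Hypothetical record type and policy limit used by the examples below (assumed). */
struct rec { uint8_t data[64]; };
#define MAX_ALLOC_BYTES (1024u * 1024u)   /* 1 MiB allocation cap */

/* 4-bit unsigned addition as in the notes: the result is kept mod 16,
 * so 15 + 1 wraps to 0 and the "a < a + 1" premise fails. */
unsigned add4(unsigned a, unsigned b) {
    return (a + b) & 0xFu;
}

/* The premise "a < a + 1" checked in native unsigned arithmetic:
 * returns 1 if it holds, 0 if the addition wraps. */
int plus_one_is_greater(unsigned a) {
    return a < a + 1u;
}

/* VULNERABLE: the byte count is computed in 32-bit unsigned arithmetic,
 * so a large count wraps to a small number that passes the size check.
 * Returns 0 if the check passes and stores the (possibly wrapped) size;
 * a caller would then malloc(bytes) and write count records into it. */
int vuln_size_check(uint32_t count, uint32_t *bytes_out) {
    uint32_t bytes = count * (uint32_t)sizeof(struct rec);  /* may wrap */
    if (bytes > MAX_ALLOC_BYTES)
        return -1;
    *bytes_out = bytes;
    return 0;
}

/* HARDENED: bound count before multiplying so the product cannot wrap
 * (the SIZE_MAX / sizeof(struct) check), then apply the policy cap. */
int safe_size_check(size_t count, size_t *bytes_out) {
    if (count > SIZE_MAX / sizeof(struct rec))      /* product would overflow size_t */
        return -1;
    size_t bytes = count * sizeof(struct rec);       /* provably no wrap here */
    if (bytes > MAX_ALLOC_BYTES)                     /* policy cap */
        return -1;
    *bytes_out = bytes;
    return 0;
}

/* Same check using the compiler's overflow-checked multiply where available
 * (GCC/Clang builtin); falls back to the division form on other compilers. */
int safe_size_check_builtin(size_t count, size_t *bytes_out) {
    size_t bytes;
#if defined(__GNUC__) || defined(__clang__)
    if (__builtin_mul_overflow(count, sizeof(struct rec), &bytes))
        return -1;
#else
    if (count > SIZE_MAX / sizeof(struct rec))
        return -1;
    bytes = count * sizeof(struct rec);
#endif
    if (bytes > MAX_ALLOC_BYTES)
        return -1;
    *bytes_out = bytes;
    return 0;
}

int main(void) {
    /* Attacker-chosen count: 0x04000001 * 64 = 0x100000040, which wraps to 64 in 32 bits. */
    uint32_t evil = 0x04000001u, wrapped = 0;
    size_t exact = 0;
    printf("4-bit: 15 + 1 = %u\n", add4(15, 1));
    printf("a < a+1 at UINT_MAX: %d\n", plus_one_is_greater(UINT_MAX));
    printf("vuln: check %s, bytes=%u (really needs %llu)\n",
           vuln_size_check(evil, &wrapped) == 0 ? "PASSED" : "rejected",
           wrapped, (unsigned long long)evil * sizeof(struct rec));
    printf("safe: check %s\n", safe_size_check(evil, &exact) == 0 ? "passed" : "rejected");
    return 0;
}
```

The vulnerable path accepts 0x04000001 records with a 64-byte buffer, so the copy loop that follows would write far past the allocation. The hardened checks reject the same count because the bound is applied to count before the multiplication, never to the already-wrapped product.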