Integer overflow

In computer programming, an integer overflow occurs when an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. For instance, adding 1 to the largest value that can be represented constitutes an integer overflow. The most common result in these cases is for the least significant representable bits of the result to be stored (the result is said to "wrap"). On some processors like GPUs and DSPs, the result saturates; that is, once the maximum value is reached, attempts to make it larger simply return the maximum result.

Origin

The register width of a processor determines the range of values that can be represented. Typical binary register widths include:

* 8 bits (maximum representable value 2^8 - 1 = 255),
* 16 bits (maximum representable value 2^16 - 1 = 65,535),
* 32 bits (the most common width for personal computers as of 2005, maximum representable value 2^32 - 1 = 4,294,967,295),
* 64 bits (maximum representable value 2^64 - 1 = 18,446,744,073,709,551,615),
* 128 bits (maximum representable value 2^128 - 1 = 340,282,366,920,938,463,463,374,607,431,768,211,455)

Since an arithmetic operation may produce a result larger than the maximum representable value, a potential error condition may result. In the C programming language, signed integer overflow causes undefined behavior, while unsigned integer overflow causes the number to be reduced modulo a power of two, meaning that unsigned integers "wrap around" on overflow.

In computer graphics or signal processing, it is typical to work on data that ranges from 0 to 1 or from -1 to 1. An example of this is a grayscale image where 0 represents black, 1 represents white, and values in between represent varying shades of gray. One operation that one may want to support is brightening the image by multiplying every pixel by a constant. Saturated arithmetic allows one to multiply every pixel by that constant without worrying about overflow, because the outcome stays reasonable: every value larger than 1 (i.e. "brighter than white") simply becomes white, and every value "darker than black" simply becomes black.
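The brightening operation described above, as an added example that is not part of the original article. It assumes 8-bit pixels (0 is black, 255 is white) instead of the 0 to 1 range and a gain given as a fraction; the function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Scale one 8-bit pixel by gain_num/gain_den in a wide intermediate type,
   so the multiplication itself cannot overflow. */
static uint64_t scale(uint8_t px, unsigned gain_num, unsigned gain_den)
{
    return (uint64_t)px * gain_num / gain_den;
}

/* Wrapping store: only the low 8 bits of the result are kept, which is
   what a plain conversion to uint8_t does. */
void brighten_wrap(uint8_t *px, size_t n, unsigned gain_num, unsigned gain_den)
{
    if (gain_den == 0)
        return;                      /* reject a zero denominator */
    for (size_t i = 0; i < n; i++)
        px[i] = (uint8_t)scale(px[i], gain_num, gain_den);
}

/* Saturating store: anything "brighter than white" becomes white (255). */
void brighten_saturate(uint8_t *px, size_t n, unsigned gain_num, unsigned gain_den)
{
    if (gain_den == 0)
        return;
    for (size_t i = 0; i < n; i++) {
        uint64_t v = scale(px[i], gain_num, gain_den);
        px[i] = v > UINT8_MAX ? UINT8_MAX : (uint8_t)v;
    }
}
```

With a gain of 3/2, a pixel of 200 scales to 300: the wrapping version stores 44 (a dark gray), the saturating version stores 255 (white).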

Security ramifications

In some situations a program may make the assumption that a variable always contains a positive value. If the variable has a signed integer type an overflow can cause its value to wrap and become negative, violating the assumption contained in the program and perhaps leading to unintended behavior. Similarly, subtracting from a small unsigned value may cause it to wrap to a large positive value which may also be an unexpected behavior. Multiplying or adding two integers may result in a value that is non-negative, but unexpectedly small. If this number is used as the number of bytes to allocate for a buffer, the buffer will be allocated unexpectedly small, leading to a potential buffer overflow.
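The three cases in the paragraph above (a signed value going negative, an unsigned subtraction wrapping to a large value, and a product that wraps to an unexpectedly small allocation size) can each be rejected before the arithmetic is performed. The following C code is an added example, not part of the original article; all function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* What unchecked code computes: the product reduced modulo SIZE_MAX + 1. */
size_t wrapped_mul_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* count * elem_size; false if the product does not fit in size_t. */
bool checked_mul_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return false;
    *out = count * elem_size;
    return true;
}

/* a - b for unsigned sizes; false if the result would wrap to a huge value. */
bool checked_sub_size(size_t a, size_t b, size_t *out)
{
    if (b > a)
        return false;
    *out = a - b;
    return true;
}

/* a + b for signed int. The test runs before the addition because signed
   overflow in C is undefined behavior and cannot be detected afterwards. */
bool checked_add_int(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Allocate count records; NULL instead of an undersized buffer on overflow. */
void *alloc_records(size_t count, size_t record_size)
{
    size_t bytes;
    if (!checked_mul_size(count, record_size, &bytes))
        return NULL;
    return malloc(bytes);
}
```

For `count = SIZE_MAX / 16 + 1` and 16-byte records the unchecked product wraps to 0, so an unchecked allocation would succeed with a buffer far smaller than the caller expects; `alloc_records` returns NULL instead.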

Some languages, such as Lisp and Ada, provide mechanisms that, if used, result in accidental overflow triggering an exception condition. Many languages do not support such functionality. In Python, a number that becomes too large for an integer seamlessly becomes a long ([http://www.python.org/doc/1.4/ref/ref5.html Python documentation], section 5.1 Arithmetic conversions). And in Python 3.0, integers and arbitrary sized longs are unified ([http://www.python.org/dev/peps/pep-0237/ Python Enhancement Proposal 237]).

Techniques for mitigating integer overflow problems

List of techniques and methods that might be used to mitigate against the consequences of integer overflow:

* The effects of integer-based attacks for C/C++ and how to defend against them by using subtyping are described in [http://www.cs.cmu.edu/~dbrumley/pubs/integer-ndss-07.pdf Efficient and Accurate Detection of Integer-based Attacks].

See also

*Arithmetic overflow
*SIGFPE
*Buffer overflow
*Heap overflow
*Stack buffer overflow
*Pointer swizzling
*Software testing
*Static code analysis

External links

* [http://www.phrack.org/issues.html?issue=60&id=10#article Phrack #60, Basic Integer Overflows]
* [http://www.phrack.org/issues.html?issue=60&id=9#article Phrack #60, Big Loop Integer Protection]
* [http://thetaeng.com/TimerWrap.htm How to implement efficiently in C]


Wikimedia Foundation. 2010.
