Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following sections examine specific operations that are susceptible to unsigned integer wrap. When operating on small integer types (smaller than int), integer promotions are applied. The usual arithmetic conversions may also be applied to (implicitly) convert operands to equivalent types before arithmetic operations are performed. Make sure you understand integer conversion rules before trying to implement secure arithmetic operations. (See guideline recommendation INT02-C. Understand integer conversion rules.)

...

Addition is between two operands of arithmetic type or between a pointer to an object type and an integer type. (See guidelines rules ARR37-C. Do not add or subtract an integer to a pointer to a non-array object and ARR38-C. Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element for rules information about adding a pointer to an integer.) Incrementing is equivalent to adding one.

...

Subtraction is between two operands of arithmetic type, two pointers to qualified or unqualified versions of compatible object types, or between a pointer to an object type and an integer type. See guidelines rules ARR36-C. Do not subtract or compare two pointers that do not refer to the same array, ARR37-C. Do not add or subtract an integer to a pointer to a non-array object, and ARR38-C. Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element for rules information about pointer subtraction. Decrementing is equivalent to subtracting one.

...

Wiki Markup
The Mozilla Scalable Vector Graphics (SVG) viewer contains a heap buffer overflow vulnerability resulting from an unsigned integer wrap during the multiplication of the {{signed int}} value {{pen->num_vertices}} and the {{size_t}} value {{sizeof(cairo_pen_vertex_t)}} \[[VU#551436|AA. Bibliography#VU551436]\].  The {{signed int}} operand is converted to {{size_t}} prior to the multiplication operation so that the multiplication takes place between two {{size_t}} integers, which are unsigned. (See guidelinerecommendation [INT02-C. Understand integer conversion rules].)

...

Tool

Version

Checker

Description

Section

Fortify SCA

Section

V. 5.0

 

Section

can detect violations of this rule with the CERT C Rule Pack

Section

Compass/ROSE

 

 

Section

can detect violations of this rule by ensuring that operations are checked for overflow before being performed. Be mindful of exception {{INT30-EX2}} because it excuses many operations from requiring validation; , including all the operations that would validate a potentially dangerous operation. For instance, adding two unsigned int's together requires validation involving subtracting one of the numbers from UINT_MAX, which itself requires no validation, as it cannot wrap

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: INT30-CPP. Ensure that unsigned integer operations do not wrap

Bibliography

Wiki Markup\[[Dowd 2006|AA. Bibliography#Dowd 06]\] Chapter 6, "C Language Issues" (Arithmetic Boundary Conditions, pp. 211-223) \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.2.5, "Types," Section 6.5, "Expressions," and Section 7.10, "Sizes of integer types {{<limits.h>}}" \[["

ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] TR 24772 "XYY Wrap-around Error"

MITRE CWE: CWE-190, "Integer Overflow (Wrap or Wraparound)"

Bibliography

Wiki Markup
\[[MITREDowd 20072006|AA. Bibliography#MITREBibliography#Dowd 0706]\] [CWE ID 190|http://cwe.mitre.org/data/definitions/190.html]Chapter 6, "IntegerC OverflowLanguage Issues" (WrapArithmetic or Wraparound)"Boundary Conditions, pp. 211-223)
\[[Seacord 2005|AA. Bibliography#Seacord 05]\] Chapter 5, "Integers"
\[[Viega 2005|AA. Bibliography#Viega 05]\] Section 5.2.7, "Integer overflow"
\[[VU#551436|AA. Bibliography#VU551436]\]
\[[Warren 2002|AA. Bibliography#Warren 02]\] Chapter 2, "Basics"
\[[Wojtczuk 2008|AA. Bibliography#Wojtczuk 08]\]
\[[xorl 2009|AA. Bibliography#xorl 2009]\] ["CVE-2009-1385: Linux kernel E1000 Integer Underflow"|http://xorl.wordpress.com/2009/06/10/cve-2009-1385-linux-kernel-e1000-integer-underflow/]

...