Home
Topics
Software Security Testing and Quality Assurance
Internet Application Security
Understanding and preventing integer overflows

Ask the Expert

Understanding and preventing integer overflows

What are integer overflows? How do they differ from buffer overflows? What kind of damage do they cause and how can I prevent them?

Requires Free Membership to View

Login

By submitting you agree to receive email communications from
TechTarget and its partners. Privacy Policy Terms of Use.

An integer overflow occurs whenever a computer program tries to store an integer into a register or variable that isn't large enough to hold that value. Generally, the size of these locations is determined by the size of the register on the processor being used, usually 32 bits. Buffer overflows are a different sort of exploit. (For an introduction to buffer overflows, see the chapter on buffer overflows from the OWASP Guide to Building Secure Web Applications and Web Services.)

Math operations such as addition, multiplication and shifts can produce a result that is too large to store -- an integer overflow. Depending on the compiler, this integer overflow can result in a sign error, truncating the largest or smallest portion of the result, or another type of error. An integer overflow could lead to a security problem if the overflow affects the value of a pointer that references other code or data in memory. An attack could exploit the integer overflow in a way that allows execution of arbitrary code, resulting in a complete takeover of the vulnerable program's process.

These flaws can be extremely tricky to find and eliminate. The best approach is to use a safe integer class that has been built to avoid these problems. David LeBlanc's column "Integer Handling with the C++ SafeInt Class" provides a detailed mathematical analysis of integer overflows.

More News and Tutorials

Articles

This was first published in June 2006

Join the conversationComment

Share

Comments

Results

Contribute to the conversation

All fields are required. Comments will appear at the bottom of the article.

Back to top

More from Related TechTarget Sites

SOA
Java
Windows Development
Oracle
Cloud computing
Business Analytics

SOA
- Top four trends with intelligent integrated enterprises
  
  From the cloud to big data, there are major trends architects need to be aware of.
- XML appliances' evolving role in messaging protocol
  
  XML appliances have evolved. Jason Bloomberg, president of ZapThink, a Dovel Technologies company, gives an overview of the technology in this Q&A.
- API management, servers enable mobile, Web gift services strategy
  
  By exposing a network through application programming interfaces, Blackhawk Network is making the change from physical to digital cards.
Java
- Will the Red Hat model work for IaaS cloud computing with OpenStack?
  
  The Red Hat transition is to move their successful model to IaaS through OpenStack and cloud computing. But will this new move from the JBoss company work as well as RHEL did a decade ago?
- How Red Hat's Linux and OpenStack IaaS drives Intel's bottom line
  
  While a major protectorate of intellectual property, Red Hat Linux and OpenStack IaaS offerings provide the bonus of driving innovation, which leads to more chips being purchased, driving revenue at Intel's bottom line.
- Embracing OpenStack: How Red Hat commoditized open source cloud computing
  
  By leveraging OpenStack, Red Hat plans to commoditized cloud computing, just like they commoditized open source Linux ten years ago.
Windows Development
- Pay-as-you-go Windows Azure BizTalk services changes EAI and EDI
  
  Learn about the pay-as-you-go Windows Azure BizTalk Services that was released at TechEd 2013.
- Native versus JavaScript/HTML5 development for Window 8 apps
  
  Learn the advantages and disadvantages in using HTML5/JavaScript for deployment.
- Technology Priorities for 2012
  
  Each year TechTarget surveys thousands of IT professionals around the world on their company’s forecasts for the coming year. As IT budgets continue through the strain of trying to align themselves with businesses trying to recover from the global recession, the direction of IT’s newest technologies may surprise you.
Oracle
- The future of Dell Toad: Oracle DBAs can use BI, Exadata features
  
  Dell Toad is pushing itself into business intelligence and now has an edition to support Oracle's big Exadata appliance.
- Unlock the potential of the Oracle Exadata architecture
  
  Despite being almost five years old now, many implementations haven't realized all of the Oracle Exadata architecture benefits.
- The state of Dell Toad: Oracle DBAs and how they can still benefit
  
  Since Dell acquired Quest Software, maker of the Toad tool for Oracle databases and applications, some questions have arisen about what would happen.
Cloud computing
- PaaS market heats up with Red Hat OpenShift, Savvis AppFog buy
  
  PaaS made headlines last week, but it's still difficult to gauge the true level of interest in Platform as a Service in the enterprise world.
- IBM, Salesforce deals usher in cloud consolidation era
  
  IBM's SoftLayer buy is getting mixed reviews from IT pros, but everyone agrees that it's an example of the consolidation phase of the cloud bubble.
- U.S. defense agencies' cloud transition yields better intelligence
  
  A cloud migration seems daunting but the effort is worthwhile; U.S. defense agencies say their cloud move led to better military intelligence.
Business Analytics
- No more shortcuts: Sound data quality strategy a must for BI success
  
  In the past, companies might have gotten away with not building data quality efforts into business intelligence programs. That's less likely now.
- Member Exclusive Downloads
  
  Member Exclusive Downloads from SearchBusinessAnalytics
- In-memory applications take on big data analytics challenge
  
  In-memory tools and big data can be a potent analytics mix. But before you put them together, read advice from experienced users and consultants.

All Rights Reserved,Copyright 2006 - 2013, TechTarget