OWASP Periodic Table of Vulnerabilities - Integer Overflow/Underflow

From OWASP
Revision as of 14:22, 22 July 2013 by James Landis (Talk | contribs)

Integer Overflow / Underflow

Root Cause Summary

Arithmetic operations cause a number to grow either too large or too small to be represented in the number of bits allocated to it. This can cause a positive number to become negative or a negative number to become positive, resulting in unexpected or dangerous behavior.

Browser / Standards Solution

None

Perimeter Solution

None

Generic Framework Solution

The framework should provide safe object wrappers for numerical data types, just as it does for other generic data types such as phone numbers and email addresses. All arithmetic operations performed on primitive numeric types in the framework should perform overflow/underflow checks first.

Custom Framework Solution

None

Custom Code Solution

Never perform arithmetic operations on numeric primitives without strict checking for overflow/underflow conditions.
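
The check-first approach called for under Generic Framework Solution and Custom Code Solution, shown as an added example in C (not part of the original OWASP page). The helper names and the order-total scenario are hypothetical, and the sample inputs are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Operands are tested BEFORE the arithmetic: signed overflow in C is undefined
 * behaviour, so it cannot be reliably detected after the fact. */
bool checked_add(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

bool checked_sub(int a, int b, int *out) {
    if ((b > 0 && a < INT_MIN + b) || (b < 0 && a > INT_MAX + b))
        return false;
    *out = a - b;
    return true;
}

bool checked_mul(int a, int b, int *out) {
    bool bad = false;
    if (a > 0)        /* bound depends on the sign of each operand */
        bad = (b > 0) ? (a > INT_MAX / b) : (b < INT_MIN / a);
    else if (a < 0)
        bad = (b > 0) ? (a < INT_MIN / b) : (b != 0 && a < INT_MAX / b);
    if (bad)
        return false;
    *out = a * b;
    return true;
}

/* Hypothetical caller: order total in cents from user-supplied quantities. */
bool order_total_cents(int qty, int unit_cents, int shipping_cents, int *total) {
    int subtotal;
    if (qty < 0 || unit_cents < 0 || shipping_cents < 0)
        return false;                       /* reject nonsensical input */
    return checked_mul(qty, unit_cents, &subtotal) &&
           checked_add(subtotal, shipping_cents, total);
}

int main(void) {
    int total;
    /* Constructed inputs: a normal order and one that would wrap a 32-bit int. */
    printf("%d\n", order_total_cents(3, 1999, 500, &total) ? total : -1);
    printf("%d\n", order_total_cents(2000000, 1999, 0, &total) ? total : -1);
    return 0;
}
```

A failed check leaves the output untouched, so the caller must treat a `false` return as an error rather than read the result.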

Discussion / Controversy

Static analysis can be quite helpful in checking for possible overflow/underflow conditions.

Some runtime environments automatically check for overflow/underflow and trigger exceptions, but no mainstream language runtimes used for web application development currently do this except for some flavors of Python. This vulnerability category may be a candidate to be completely solved in the platform or framework if enough pressure can be placed on language runtime developers to implement a solution.
