Signed to unsigned conversion error

Revision as of 07:08, 26 May 2009 by Deleted user (Talk | contribs)

Jump to: navigation, search

aids facts africa [ australia calculator tax ] [ africa songhai ] [ indian embassy south asia ] [ autocad 2004 authorization ] [ autothority chip ] [ inline autocomplete ] [ early south african music ] [ lowan australia ltd ] [ antivirus scan free download ] [ asian girl model thumbnail young ] [ antivirus cleanup ] [ animal australia enclosure small ] [ asian girl friends ] [ cheap australian web hosting ] [ yardley cosmetics south africa ] [ calendar and asian and woman ] [ pc magazine antivirus ] [ hamamoto asian ] [ etrust antivirus 7.0.139 ] [ asian symbol ] [ african gift items ] [ apl lines australia ] automobile dealer national [ sen thai asian bistro ] [ african gray ] clamav antivirus download [ automotive lyndale service ] [ antivirus personal ] [ australian free lotto system ] asian food grocer [ asia news network ] [ anal asian free pic ] [ antivirus roundup ] [ winantivirus popup ] [ disney stores australia ] [ autonics sensors ] [ african american vow wedding ] [ nod antivirus ] [ africa kids facts ] autoridad nacional del ambiente panama [ enchere auto ] [ workcover australian capital territory ] [ reedman toll auto world langhorne pa ] url [ autosurf autosurf free site ] [ australia uranium company ] [ bird sales australia ] [ asian option smile ] [ avg antivirus new ] This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 05/26/2009

Vulnerabilities Table of Contents


A signed-to-unsigned conversion error takes place when a signed primitive is used as an unsigned value, usually as a size variable.


  • Availability: Incorrect sign conversions generally lead to undefined behavior, and therefore crashes.
  • Integrity: If a poor cast leads to a buffer overflow or similar condition, data integrity may be affected.
  • Access control (instruction processing): Improper signed-to-unsigned conversions without proper checking can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.

Exposure period

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Design: Accessor functions may be designed to mitigate some of these logical issues.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack, or misuse, of mitigating technologies.


  • Languages: C, C++, Fortran, Assembly
  • Operating platforms: All

Required resources




Likelihood of exploit


Often, functions will return negative values to indicate a failure state. In the case of functions which return values which are meant to be used as sizes, negative return values can have unexpected results. If these values are passed to the standard memory copy or allocation functions, they will implicitly cast the negative error, indicating value to a large unsigned value.

In the case of allocation, this may not be an issue; however, in the case of memory and string copy functions, this can lead to a buffer overflow condition which may be exploitable.

Also, if the variables in question are used as indexes into a buffer, it may result in a buffer underflow condition.

In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:

int returnChunkSize(void *) {
  /* if chunk info is valid, return the size of usable memory, 
   * else, return -1 to indicate an error

int main() {
  memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));

If returnChunkSize() happens to encounter an error, and returns -1, memcpy will assume that the value is unsigned and therefore interpret it as MAXINT-1, therefore copying far more memory than is likely available in the destination buffer.

Risk Factors




Related Attacks

Related Vulnerabilities

Related Controls

  • Requirements specification: Choose a language which is not subject to these casting flaws.
  • Design: Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors.
  • Implementation: Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible.

Related Technical Impacts


Note: A reference to related CWE or CAPEC article should be added when exists. Eg: