Integer Error 2 in Java

CS0
Integer Errors - “You've got the wrong value!”
Background
Summary: Integer values that are too large or too small may fall outside the allowable
bounds for their data type, leading to unpredictable problems that can both reduce the
robustness of your code and lead to potential security problems.
Description: The value of each integer variable is stored in a block of memory of a
fixed size. The size of this block, which depends on the specific type of integer
variable (int, short, long, etc.), limits the range of values that can be stored in
variables of that type. Mathematical operations such as addition, subtraction, and
multiplication may produce values that are outside of this range. If an operation yields a
value that is out of range for the type, an integer error occurs, and the resulting value
will likely not be what the programmer intended. This applies to all data types that store
integer values.
Risk: An integer error may be exploited to cause a program crash, lead to incorrect
behavior, or present opportunities for malicious software to run code that could do bad
things to your computer.
Example of Occurrence: There is a Facebook group called “If this group reaches
4,294,967,296 it might cause an integer overflow.” This value is the largest number that
can fit in a 32 bit unsigned integer. If the number of members of the group exceeded this
number, it might cause an overflow. Whether it will cause an overflow or not depends
upon how Facebook is implemented and which language is used – they might use data
types that can hold larger numbers. In any case, the chances of an overflow seem
remote, as roughly 2/3 of the people on earth would be required to reach the goal of
more than 4 billion members.
How can I avoid integer overflow?
1. Choose your data types carefully: Many programming languages contain multiple
data types for storing integer values. If you have any concerns about the integer
values that you will be using, learn about the options available in the language you
are using, and choose integer types that are large enough to hold the values you will
be using.
2. Validate your input for ranges and reasonableness. Check input is valid and
reasonable before conducting operations.
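The following program is an added example, not part of the original handout: it takes the same three operations as the lab program and applies both strategies above, a range check on the inputs and a wider type (plus Java's Math.multiplyExact) for the product. The class name, method names and the LIMIT bound are my own choices.

```java
import java.util.Scanner;

// Added example, not part of the original lab program: the same operations as
// the handout's IntegerError class, with the two avoidance strategies applied.
public class IntegerErrorChecked {

    // Strategy 2 (validate input): a bound under which value * 10 and
    // value + value cannot leave the int range. The bound is chosen for this
    // example; the handout does not prescribe one.
    static final int LIMIT = Integer.MAX_VALUE / 10;

    static boolean inRange(int value) {
        return value >= -LIMIT && value <= LIMIT;
    }

    // Strategy 1 (wider type): a long holds any product of two ints.
    // The cast must happen BEFORE the multiplication; (long)(a * b) would
    // widen an already-wrapped int result.
    static long productAsLong(int a, int b) {
        return (long) a * b;
    }

    public static void main(String[] args) {
        Scanner scan = new Scanner(System.in);
        System.out.print("Input two integer values: ");
        int i = scan.nextInt();
        int j = scan.nextInt();

        if (!inRange(i) || !inRange(j)) {
            System.out.println("Inputs must be between " + (-LIMIT) + " and " + LIMIT);
            return;
        }
        // These two are now safe because of the range check.
        System.out.println("Your number times ten is " + (i * 10));
        System.out.println("The sum of your numbers is " + (i + j));

        // The range check does NOT cover i * j (LIMIT * LIMIT still overflows),
        // so show the wrapped int result next to two correct alternatives.
        System.out.println("Product as int (may wrap): " + (i * j));
        System.out.println("Product as long:           " + productAsLong(i, j));
        try {
            // Math.multiplyExact (Java 8+) throws instead of wrapping silently.
            System.out.println("Product, checked:          " + Math.multiplyExact(i, j));
        } catch (ArithmeticException e) {
            System.out.println("Product does not fit in an int: " + e.getMessage());
        }
    }
}
```

As in the lab program, scan.nextInt() itself rejects any input that does not fit in an int, so the range check only has to handle values that were read successfully.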
Problem
1. Create a new project. Type in the following program. Compile and run.
import java.util.Scanner;

public class IntegerError {
    public static void main(String[] args) {
        Scanner scan = new Scanner(System.in);
        // variable declarations
        int i;
        int j;
        int result;
        // the range of a Java int
        System.out.println("Largest integer is " + Integer.MAX_VALUE);
        System.out.println("Smallest integer is " + Integer.MIN_VALUE);
        System.out.print("Input two integer values: ");
        i = scan.nextInt();
        j = scan.nextInt();
        System.out.println("\nYou entered the following values: ");
        System.out.println("Integer: " + i + " " + j);
        // each of these operations can exceed the int range
        result = i * 10;
        System.out.println("Your number times ten is " + result);
        result = i + j;
        System.out.println("The sum of your numbers is " + result);
        result = i * j;
        System.out.println("The product of your numbers is " + result);
    }
}
2. Print out the output before proceeding.
3. Run this program until you find a value for the integer that causes an error.
   - What happens when an integer error occurs?
   - Try typing in a large number to see if you can create an error. Do you get an
     error when you type in 1 million (1,000,000)? 1 billion (1,000,000,000)? 10 billion
     (10,000,000,000)? Don't type the commas when you enter the numbers.
4. Complete the following checklist for this program.
Security Checklist
Checklists are used in many industries including aviation and software for safety and
error checking. Complete the following security checklist to identify potential
vulnerabilities in your code.
Security Checklist
Vulnerability: Integer Errors
Course: CS0
Check each line of code
1. Underline each occurrence of an integer variable.
For each underlined variable:
2. Mark with a V any input operations that assign values to the variable.
3. Mark with a V any mathematical operations involving the variable.
4. Mark with a V any assignments made to the variable.
Possible Vulnerability!!
Discussion
1. What happens when you exceed the largest integer value? Why do you think that is?
2. How could addition result in an integer overflow?
3. How could multiplication result in an integer overflow?
4. What operation is most likely to cause an integer overflow?
5. What sort of things might go wrong when an integer error happens?