CS0
Integer Overflow - “You can't count that high!”
Background
Summary: Integer values that are too large or too small may fall outside the allowable
bounds for their data type, leading to unpredictable problems that can both reduce the
robustness of your code and lead to potential security problems.
Description: The value of each integer variable is stored in a block of memory of a
fixed size (typically 4 bytes for an integer). If a program attempts to assign a value that
is either too large or too small to an integer variable, there won't be enough room to hold
it. When this happens, you may not have any idea what the value of that variable might
be, but it almost always won't be what you want.
Risk: An integer overflow may be exploited to cause a program crash, lead to incorrect
behavior, or present opportunities for malicious software to run code that could do bad
things to your computer.
Example of Occurrence: There is a Facebook group called “If this group reaches
4,294,967,296 it might cause an integer overflow. “ This value is the largest number that
can fit in a 32 bit unsigned integer. If the number of members of the group exceeded this
number, it might cause an overflow. Whether it will cause an overflow or not depends
upon how Facebook is implemented and which language is used – they might use data
types that can hold larger numbers. In any case, the chances of an overflow seem
remote, as roughly 2/3 of the people on earth would be required to reach the goal of
more than 4 billion members.
How can I avoid integer overflow?
1. Choose your data types carefully: Choose your data types to be large enough to
hold the values you will be working with. If there's any doubt at all as to whether your
variable will have values that are too large for a short, use an int. If the int
might be too small, use a long.
2. Validate your input for ranges and reasonableness. Check input is valid and
reasonable before conducting operations.
CS0
Problem
1.Type in the following program. Compile and run.
import java.util.Scanner;
public class IntegerOverflow {
public static void main(String[] args) {
Scanner scan = new Scanner(System.in);
// variable declarations
// add short, long
***
int i;
byte b;
short sh;
long lon;
System.out.println("Largest integer is "+Integer.MAX_VALUE);
System.out.println("Smallest integer is "+Integer.MIN_VALUE);
System.out.println("Largest byte is "+Byte.MAX_VALUE);
System.out.println("Smallest byte is "+Byte.MIN_VALUE);
System.out.println("Largest short is " +Short.MAX_VALUE);
System.out.println("Smallest short is " +Short.MIN_VALUE);
System.out.println("Largest long is "+ Long.MAX_VALUE);
System.out.println("Smallest long is "+Long.MIN_VALUE);
System.out.print("Type an integer value: ");
i = scan.nextInt();
System.out.println("Type a byte value: ");
b = scan.nextByte();
System.out.println("Type a short value: ");
sh = scan.nextShort();
System.out.println("Type a long value: ");
lon = scan.nextLong();
System.out.println("\nYou entered the following values: ");
System.out.println("Integer: "+i);
System.out.println("Byte: "+b);
System.out.println("Short: "+sh);
System.out.println("Long: "+lon);
i = Integer.MAX_VALUE+1;
System.out.println("Integer overflow: i = "+i);
sh = (short) (sh *10);
System.out.println("Ten times short value is "+sh);
}
}
CS0
2. Print out the program and output before proceeding.
3. Complete the following checklist for this program.
Security Checklist
Checklists are used in many industries including aviation and software for safety and
error checking. Complete the following security checklist to identify potential
vulnerabilities in your code.
Security Checklist
Integer Overflow
Vulnerability
Course
CS0
Check each line of code
1. Underline each occurrence of an integer variable.(All occurrences of i
should be underlined)
For each underlined variable:
2. Mark with a V any assignments made to this variable that are the result of
mathematical operations. (should be one V)
Possible Vulnerability!!
Discussion
1. What happens when you exceed the largest integer value? Why do you think that
is?
2. How could addition result in an integer overflow?
3. How could multiplication result in an integer overflow?
4. What sort of things might go wrong when an integer overflow happens?
Turn in program (marked after completing checklist), output, and questions.