integer-overflow-cs0-java

advertisement

CS0

Integer Errors - “You've got the wrong value!”

Background

Summary: Integer values that are too large or too small may fall outside the allowable bounds for their data type, leading to unpredictable problems that can both reduce the robustness of your code and lead to potential security problems.

Description: Variables are stored in a block of memory of a fixed size. This means that there is a largest and smallest value that any variable of a given data type can hold.

Mathematical operations such as addition and multiplication may lead to values that are outside of this range. For example, if an integer variable a holds the largest possible value, the expression a * 10; will give a a value that is outside of that range

– the value will literally be too big. This condition is an integer overflow. When you have an integer overflow, the value stored in the variable will not be what you want. This can lead to a variety of problems, including security vulnerabilities.

If a program attempts to assign a value that is either too large or too small to an integer variable, there won't be enough room to hold it. Data that can't fit is simply thrown away. When this happens, you may not have any idea what the value of that variable might be, but it almost always won't be what you want.

Similar problems can occur when external input (for example, data typed by a user) is used to assign a value to an integer variable – these problems are known as input validation vulnerabilities.

Risk: An integer overflow may be exploited to cause a program crash, lead to incorrect behavior, or present opportunities for malicious software to run code that could do bad things to your computer.

Example of Occurrence: There is a Facebook group called “ If this group reaches

4,294,967,296 it might cause an integer overflow.

“ This value is the largest number that can fit in a 32 bit unsigned integer. If the number of members of the group exceeded this number, it might cause an overflow. Whether it will cause an overflow or not depends upon how Facebook is implemented and which language is used – they might use data types that can hold larger numbers. In any case, the chances of an overflow seem remote, as roughly 2/3 of the people on earth would be required to reach the goal of more than 4 billion members.

How can I avoid integer overflow?

1. Choose your data types carefully: Choose your data types to be large enough to hold the values you will be working with. If there's any doubt at all as to whether your

CS0 variable will have values that are too large for a short , use an int. If the int might be too small, use a long .

2. Validate your input for ranges and reasonableness.

Check input is valid and reasonable before conducting operations.

Problem

1.

Type in the following program. Compile and run . import java.util.Scanner; public class IntegerError {

public static void main(String[] args) {

Scanner scan = new Scanner(System.in);

// variable declarations

// add short, long ***

int i;

byte b;

short sh;

long lon;

System.out.println("Largest integer is "+Integer.MAX_VALUE);

System.out.println("Smallest integer is "+Integer.MIN_VALUE);

System.out.println("Largest byte is "+Byte.MAX_VALUE);

System.out.println("Smallest byte is "+Byte.MIN_VALUE);

System.out.println("Largest short is " +Short.MAX_VALUE);

System.out.println("Smallest short is " +Short.MIN_VALUE);

System.out.println("Largest long is "+ Long.MAX_VALUE);

System.out.println("Smallest long is "+Long.MIN_VALUE);

System.out.print("Type an integer value: ");

i = scan.nextInt();

System.out.println("Type a byte value: ");

b = scan.nextByte();

System.out.println("Type a short value: ");

sh = scan.nextShort();

System.out.println("Type a long value: ");

lon = scan.nextLong();

System.out.println("\nYou entered the following values: ");

System.out.println("Integer: "+i);

System.out.println("Byte: "+b);

System.out.println("Short: "+sh);

System.out.println("Long: "+lon);

i = Integer.MAX_VALUE+1;

CS0

System.out.println("Integer overflow: i = "+i);

sh = (short) (sh *10);

System.out.println("Ten times short value is "+sh);

}

}

2. Print out the program and output before proceeding.

3. Complete the following checklist for this program.

4. Run this program until you find a value for the short that causes an error.

What happens when an integer error occurs?

What is the smallest value for the short that you can find that leads to an error when it is first typed in – when the program prints “short: “ and then your value?

What is the smallest value that you can type that causes an error when it is multiplied by 10?

Security Checklist

Checklists are used in many industries including aviation and software for safety and error checking. Complete the following security checklist to identify potential vulnerabilities in your code.

Security Checklist

Vulnerability Integer Overflow Course CS0

Check each line of code

1. Underline each occurrence of an integer variable.(All occurrences of i should be underlined)

For each underlined variable:

2. Mark with a V any assignments made to this variable that are the result of mathematical operations.

3. Mark with a V any assignments made to this variable.

4. Mark with a V any input operations that assign values to these variables.

Possible Vulnerability!!

Discussion

1. What happens when you exceed the largest integer value? Why do you think that is?

2. How could addition result in an integer error?

3. How could multiplication result in an integer error?

4. How could user input result in an integer error?

5.

What sort of things might go wrong when an integer error happens?

Download