CS1 Integer Overflow - “You can't count that high!”

Background

Summary: Integer values that are too large or too small may fall outside the allowable bounds for their data type, leading to unpredictable problems that can both reduce the robustness of your code and lead to potential security problems.

Description: The value of each integer variable is stored in a block of memory of a fixed size (typically 4 bytes for an integer). If a program attempts to assign a value that is either too large or too small to an integer variable, there won't be enough room to hold it. When this happens, you may not have any idea what the value of that variable might be, but it almost always won't be what you want.

Risk: An integer overflow may be exploited to cause a program crash, lead to incorrect behavior, or present opportunities for malicious software to run code that could do bad things to your computer.

Example of Occurrence: Many Unix operating systems store time values in 32-bit signed (positive or negative) integers, counting the number of seconds since midnight on January 1, 1970. On Tuesday, January 19, 2038, this value will overflow, becoming a negative number. Although the impact of this problem in 2038 is not yet known, there are concerns that software that projects out to future dates – including tools for mortgage payment and retirement fund distribution – might face problems long before then.

Source: “Year 2038 Problem” http://en.wikipedia.org/wiki/Year_2038_problem

How can I avoid integer overflow?

1) Choose your data types carefully: Choose your data types to be large enough to hold the values you will be working with. If there's any doubt at all as to whether your variable will have values that are too large for a short, use an int. If an int might be too small, use a long.
2) Validate your input for ranges and reasonableness. Check input is valid and reasonable before conducting operations.
3) Check for possible overflows:
   Always check results of arithmetic operations or parsing of strings to integers, to be sure that an overflow has not occurred. The result of multiplying two positive integers should be at least as big as both of those integers, etc. If you find a result that overflows, you can take appropriate action before the result is used. This might mean reporting an exception, stopping the program, or repeating a request for input.

CS1 Problem

1) Run the following program and print the program and output.

    public class PrintLimits {
        public static void main(String args[]) {
            // Smallest and largest value each numeric type can hold.
            // Note: Float.MIN_VALUE and Double.MIN_VALUE are the smallest
            // positive values, not the most negative ones.
            System.out.println("Min byte value = " + Byte.MIN_VALUE);
            System.out.println("Max byte value = " + Byte.MAX_VALUE);
            System.out.println("Min short value = " + Short.MIN_VALUE);
            System.out.println("Max short value = " + Short.MAX_VALUE);
            System.out.println("Min int value = " + Integer.MIN_VALUE);
            System.out.println("Max int value = " + Integer.MAX_VALUE);
            System.out.println("Min float value = " + Float.MIN_VALUE);
            System.out.println("Max float value = " + Float.MAX_VALUE);
            System.out.println("Min double value = " + Double.MIN_VALUE);
            System.out.println("Max double value = " + Double.MAX_VALUE);

            // Arithmetic that goes past the largest int
            int x = Integer.MAX_VALUE;
            int y = x+1;
            System.out.println(x);

            // Arithmetic that goes past the smallest int
            int z1 = Integer.MIN_VALUE-1;
            int z2 = Integer.MIN_VALUE-2;
            int z3 = z1*z2;
            System.out.println(z3);
        }
    }

2) For each of the following give the appropriate declaration:
   a) Number of students at your college
   b) Population of Baltimore 637,455
   c) Population of Maryland 5.6 million
   d) The world population (6.6 billion).
   e) Add code to demonstrate an integer overflow.

3) a) Write a program that shows the population growth (use a short int) for a small town with a current population of 20,000. Assume a 10% increase each year. Show the population after year 1, year 2, ... How many years until overflow occurs?
   b) Complete the checklist given below for this program.
   c) Modify the program to use a more appropriate type.
      How many years will this modified version continue before hitting an overflow?

CS1 Security Checklist

Checklists are used in many industries including aviation and software for safety and error checking. Complete the following security checklist for this program to identify potential vulnerabilities in your code.

Security Checklist
Vulnerability: Integer Overflow
Course: CS1

Check each line of code
1. Underline each occurrence of an integer variable.
For each underlined variable:
2. Mark with a V any assignments made to this variable.
3. Mark with a V all inputs to these variables.
Possible Vulnerability!!

Discussion

1. In your own words, describe an integer overflow.
2. How could an integer overflow occur in your program?
3. What happens when an integer overflow occurs?
4. Why is multiplication particularly risky?
5. Name three things that you might do in your next program to prevent an integer overflow from occurring?
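
The input validation and overflow checks from items 2 and 3 of “How can I avoid integer overflow?”, applied to the Year 2038 example, as an added example that is not part of the original worksheet. The class name, the 2030 start time, the 1 to 50 year range and the 365-day year are assumptions made for illustration.

```java
import java.time.Instant;

public class CheckedTimeDemo {
    // Constructed sample: 2030-01-01T00:00:00Z as seconds since 1970, held in a 32-bit int.
    static final int START = 1893456000;
    static final int SECONDS_PER_YEAR = 365 * 24 * 60 * 60; // ignores leap days (assumption)

    // Item 2: validate input for range and reasonableness before using it.
    static int parseYears(String text) {
        int years;
        try {
            years = Integer.parseInt(text.trim()); // rejects text that does not fit in an int
        } catch (NumberFormatException e) {
            throw new IllegalArgumentException("not a whole number that fits in an int: " + text);
        }
        if (years < 1 || years > 50) {             // 1..50 is an assumed "reasonable" range
            throw new IllegalArgumentException("term must be 1 to 50 years: " + text);
        }
        return years;
    }

    // Item 3: checked arithmetic throws ArithmeticException instead of wrapping around.
    static int endOfTerm(int start, int years) {
        int seconds = Math.multiplyExact(years, SECONDS_PER_YEAR);
        return Math.addExact(start, seconds);
    }

    public static void main(String[] args) {
        String[] inputs = {"5", "30", "99999999999", "-3"}; // constructed test inputs
        for (String input : inputs) {
            try {
                int years = parseYears(input);
                int unchecked = START + years * SECONDS_PER_YEAR; // plain int math wraps silently
                System.out.println(input + " years, unchecked: " + Instant.ofEpochSecond(unchecked));
                int checked = endOfTerm(START, years);
                System.out.println(input + " years, checked:   " + Instant.ofEpochSecond(checked));
            } catch (IllegalArgumentException e) {
                System.out.println("rejected input: " + e.getMessage());
            } catch (ArithmeticException e) {
                System.out.println(input + " years, checked:   overflow detected (" + e.getMessage() + ")");
            }
        }
    }
}
```

For the 30-year term the unchecked line prints a date before 1970, which is the wrapped negative value, while the checked call stops with an exception before the bad value can be used.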