Integer Error 1 in Java

CS0
Integer Errors - “You can't count that high!”
Background
Summary: Integer values that are too large or too small may fall outside the allowable
bounds for their data type, leading to unpredictable problems that can both reduce the
robustness of your code and lead to potential security problems.
Description: The value of each integer variable is stored in a block of memory of a
fixed size. If an operation yields a value that is out of range for the type, an integer
error occurs, and the resulting value will likely not be what the programmer intended.
Risk: An integer error may be exploited to cause a program crash, lead to incorrect
behavior, or present opportunities for malicious software to run code that could do bad
things to your computer.
Example of Occurrence: On December 25, 2004, Comair airlines was forced to
ground 1,100 flights after its flight crew scheduling software crashed. The software used
a 16-bit integer (max 32,768) to store crew changes. That number was exceeded because
bad weather that month led to numerous crew reassignments.
Problem
Type in the following program. Compile and run.
    import java.util.Scanner;

    public class IntegerError {
        public static void main(String[] args) {
            Scanner scan = new Scanner(System.in);
            // variable declarations
            int i;
            // show the range of values an int can hold
            System.out.println("Largest integer is " + Integer.MAX_VALUE);
            System.out.println("Smallest integer is " + Integer.MIN_VALUE);
            // read one integer from the keyboard and echo it back
            System.out.print("Type an integer value: ");
            i = scan.nextInt();
            System.out.println("\nYou entered the following value: ");
            System.out.println("Integer: " + i);
            // Step 6: the parentheses add 1 to the number before it is joined to the text.
            // System.out.println("Integer overflow: = " + (Integer.MAX_VALUE + 1));
        }
    }
1. Compile and Run.
2. What is the largest possible integer value?
3. Enter a reasonable value. Print out the output before proceeding.
4. What do you think will happen if you enter a value larger than the highest value?
5. Run again and enter a value that exceeds the largest possible (try an 11 digit
number). What happens? Why?
6. Remove the comments (//) from the beginning of the last line of the program.
Compile. You will receive a warning. Why do you think that is?
7. For this one time we will ignore the warning. Run. What happens? Why?
8. Complete the following checklist for this program.
Security Checklist
Checklists are used in many industries including aviation and software for safety and
error checking. Complete the following security checklist to identify potential
vulnerabilities in your code.
Security Checklist
Vulnerability: Integer Errors
Course: CS0
Check each line of code
1. Underline each occurrence of an integer variable. (All occurrences of i
should be underlined.)
For each underlined variable:
2. Mark with a V any input operations that assign values to the variable.
3. Mark with a V any mathematical operations involving the variable.
Possible Vulnerability!!
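An added example, not part of the original handout: one way to guard the two kinds of operation the checklist marks with a V (input and arithmetic), using the standard Java calls Integer.parseInt and Math.addExact, with the unchecked result printed beside the checked one. The class name, helper names and sample inputs are made up for the illustration.

```java
public class SafeIntegerDemo { // hypothetical class name, not from the handout

    // Guarded input: Integer.parseInt throws NumberFormatException for text that
    // is not a number or does not fit in an int, so bad input is rejected.
    static Integer parseIntOrNull(String text) {
        try {
            return Integer.parseInt(text.trim());
        } catch (NumberFormatException e) {
            return null; // caller re-prompts or rejects
        }
    }

    // Guarded arithmetic: Math.addExact throws ArithmeticException instead of wrapping.
    static Integer addOrNull(int a, int b) {
        try {
            return Math.addExact(a, b);
        } catch (ArithmeticException e) {
            return null;
        }
    }

    // A 16-bit counter: refuse to step past Short.MAX_VALUE rather than wrap.
    static short checkedIncrement(short counter) {
        if (counter == Short.MAX_VALUE) {
            throw new ArithmeticException("16-bit counter would overflow");
        }
        return (short) (counter + 1);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: in range, 11 digits, not a number.
        String[] samples = {"42", "12345678901", "abc"};
        for (String text : samples) {
            Integer value = parseIntOrNull(text);
            System.out.println(text + " -> " + (value == null ? "rejected" : "accepted " + value));
        }
        Integer sum = addOrNull(Integer.MAX_VALUE, 1);
        System.out.println("unchecked MAX_VALUE + 1: " + (Integer.MAX_VALUE + 1));
        System.out.println("checked MAX_VALUE + 1: " + (sum == null ? "overflow detected" : String.valueOf(sum)));
        short counter = Short.MAX_VALUE;
        System.out.println("unchecked 16-bit increment: " + (short) (counter + 1));
        try {
            checkedIncrement(counter);
        } catch (ArithmeticException e) {
            System.out.println("checked 16-bit increment: " + e.getMessage());
        }
    }
}
```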
Discussion
1. How many bytes are allocated for an integer?
2. What is the largest possible value for an integer? Why do you think that is?
3. What happens when you exceed the largest integer value? Explain.
4. Look up the following info:
What is the current population of the US?
What is the current population of the world?
What is the national debt?
For which of the above would the integer data type be a problem?
5. Discuss the Comair problem described above. What are the repercussions of
such a problem?