Towards Integer Safety

Abstract

Because integers have fixed ranges, arithmetic operations on them can cause unexpected wrapping or overflow. Unsigned integers display modular behavior. While this behavior is well-defined, it is often unexpected. Signed integers also frequently display modular behavior, but signed integer overflow is actually undefined behavior. Many real-world vulnerabilities and exploits arise from signed integer overflow or unsigned integer wrapping (CVE-2009-1385 and CVE-2014-4377 among many others).

Document Details

Document Type: Technical Report
Publication Date: Jan 01, 2020
Accession Number: AD1110345

Entities

People

  • David Svoboda

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Arithmetic
  • Computations
  • Conversion
  • Department Of Defense
  • Embedding
  • Instructions
  • Language
  • Materials
  • Mathematics
  • Platforms
  • Precision
  • Semantics
  • Standards
  • Template Patterns
  • Truncation
  • Vulnerability