Difference between revisions of "Cpp Coding Standards/SECURITY/IntOver"

From Apache OpenOffice Wiki
Change since the initial revision: the hint "Read and understand this background article on integer overflows (http://www.phrack.org/archives/60/p60-0x0a.txt)" was added to the Hints list, ahead of the hint on using sal_Size for buffer sizes and counts.
Revision as of 09:33, 18 January 2007

Be aware that integers have limited range – not properly checking valid input ranges before doing integer arithmetic, or assigning to other integer types of insufficient range, will lead to overflows. Often, integer overflows can be used as an attack vector to launch a subsequent buffer overflow, with the fatal consequences outlined in SECURITY:NoBufferOverflow.

Hints:

  • Generally, use sal_Size for buffer sizes and counts. There is usually no reason to use a signed value here (but watch out for assignments and comparisons with signed types).
  • If you perform integer arithmetic and the result is used to index arrays, calculate sizes, or as a parameter to array-new, make sure the operands fall into a safe, well-understood range (check before you perform the calculation).
  • Be extremely careful not to pass signed integers to memory allocation functions (new, alloca, rtl_allocateMemory), as they are interpreted as unsigned integers.
  • Triple-check any integer-related compiler warnings, and any cast operations that silence them.
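The hints above in code, as an added example that is not part of the wiki page or of the OpenOffice code base: a checked multiply that refuses a size computation that would wrap, the unchecked "before" form that silently turns a negative signed count into a huge unsigned byte count, and a hardened allocation that validates the signed input first. std::size_t stands in for sal_Size here (an assumption; sal_Size is OpenOffice's own unsigned size type), and the function names are invented for the example.

```cpp
#include <cstddef>
#include <cstdint>
#include <limits>
#include <memory>

// Checked multiply (hint 2): returns false instead of wrapping when
// count * elemSize does not fit in std::size_t. The check happens before
// the multiplication, so 'out' is only written with a valid result.
bool safeMul(std::size_t count, std::size_t elemSize, std::size_t& out) {
    if (elemSize != 0 &&
        count > std::numeric_limits<std::size_t>::max() / elemSize)
        return false;
    out = count * elemSize;
    return true;
}

// Checked add, for offset + length style calculations (hint 2).
bool safeAdd(std::size_t a, std::size_t b, std::size_t& out) {
    if (a > std::numeric_limits<std::size_t>::max() - b)
        return false;
    out = a + b;
    return true;
}

// The defect the hints warn about (hint 3), kept here only to show the
// behaviour: 'count' is a signed int taken from untrusted input. In the
// expression it is converted to std::size_t, so -1 becomes SIZE_MAX, and
// the product then wraps. Passing the result to new[] would allocate a
// buffer far smaller than the caller believes it requested.
std::size_t unsafeBufferBytes(int count, std::size_t elemSize) {
    return count * elemSize;
}

// Hardened version: reject negative counts before they can be converted
// to unsigned, then size the buffer with checked arithmetic. Returns
// nullptr (and leaves 'bytes' untouched) when the request is out of range.
std::unique_ptr<unsigned char[]> allocBuffer(std::int64_t count,
                                             std::size_t elemSize,
                                             std::size_t& bytes) {
    if (count < 0)
        return nullptr;                                   // hint 3
    std::size_t n;
    if (!safeMul(static_cast<std::size_t>(count), elemSize, n))
        return nullptr;                                   // hint 2
    bytes = n;
    return std::unique_ptr<unsigned char[]>(new unsigned char[n]);
}
```

The pattern to take from this is that the range check precedes the arithmetic and the conversion: once a negative value has been converted to an unsigned type, or once a product has wrapped, there is nothing left to check, and any compiler warning about the conversion is exactly the one hint 4 says not to cast away.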

See also Reviewing Code for Integer Manipulation Vulnerabilities.
