CSCE 548 Integer Overflows Format String Problem

Page 1: CSCE 548 Integer Overflows Format String Problem

CSCE 548

Integer Overflows

Format String Problem

Page 2

Arithmetic Operations

Number system: base, radix
724.5 = 7×10^2 + 2×10^1 + 4×10^0 + 5×10^-1

Binary, octal, hexadecimal representation

Fixed point representation: sign, magnitude, decimal point

Complements: represent negative numbers
r's complement -- 2's complement
(r-1)'s complement -- 1's complement

1's complement of 1010 is 0101
2's complement of 1010 is 0101 + 1 = 0110

Page 3

Binary Fixed Point

Positive number: sign bit 0 and the magnitude as a positive binary number
Negative number: sign bit 1 and one of:
Signed magnitude
Signed 1's complement
Signed 2's complement

+9: 0 001001
-9:
Signed magnitude: 1 001001
Signed 1's complement: 1 110110
Signed 2's complement: 1 110111
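The three encodings of -9 on page 3 and the 1010 complements on page 2, computed for an arbitrary word width. This is an added example written for this page, not code from the lecture slides; the function names (encode, decode, ones_complement, twos_complement, bits_to_string) and the mode constants are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the slides: the three signed binary encodings of
   pages 2 and 3 for an n-bit word, plus the raw 1's and 2's complement of a
   bit pattern. All names here are my own. */

enum { SIGN_MAGNITUDE = 0, ONES_COMPLEMENT = 1, TWOS_COMPLEMENT = 2 };

/* (r-1)'s complement for r = 2: flip every one of the n bits. */
uint32_t ones_complement(uint32_t bits, int n) {
    uint32_t mask = (1u << n) - 1u;
    return (~bits) & mask;
}

/* r's complement for r = 2: the 1's complement plus one, kept to n bits. */
uint32_t twos_complement(uint32_t bits, int n) {
    uint32_t mask = (1u << n) - 1u;
    return (ones_complement(bits, n) + 1u) & mask;
}

/* Encode v in n bits (leftmost bit is the sign). Requires |v| < 2^(n-1). */
uint32_t encode(int32_t v, int n, int mode) {
    uint32_t sign_bit = 1u << (n - 1);
    if (v >= 0)
        return (uint32_t)v;                                /* sign 0, magnitude as-is */
    uint32_t mag = (uint32_t)(-v);
    switch (mode) {
    case SIGN_MAGNITUDE:  return sign_bit | mag;           /* sign 1, magnitude as-is */
    case ONES_COMPLEMENT: return ones_complement(mag, n);  /* flipping sets the sign bit */
    default:              return twos_complement(mag, n);  /* 1's complement + 1 */
    }
}

/* Inverse of encode: recover the signed value from an n-bit pattern. */
int32_t decode(uint32_t bits, int n, int mode) {
    uint32_t mask = (1u << n) - 1u;
    uint32_t sign_bit = 1u << (n - 1);
    bits &= mask;
    if (!(bits & sign_bit))
        return (int32_t)bits;
    switch (mode) {
    case SIGN_MAGNITUDE:  return -(int32_t)(bits & (sign_bit - 1u));
    case ONES_COMPLEMENT: return -(int32_t)ones_complement(bits, n);
    default:              return -(int32_t)twos_complement(bits, n);
    }
}

/* Render the low n bits as text, e.g. "1110111"; out needs n+1 bytes. */
void bits_to_string(uint32_t bits, int n, char *out) {
    for (int i = 0; i < n; i++)
        out[i] = ((bits >> (n - 1 - i)) & 1u) ? '1' : '0';
    out[n] = '\0';
}

int main(void) {
    const char *names[] = { "signed magnitude", "signed 1's complement",
                            "signed 2's complement" };
    char buf[33];
    for (int mode = SIGN_MAGNITUDE; mode <= TWOS_COMPLEMENT; mode++) {
        uint32_t bits = encode(-9, 7, mode);
        bits_to_string(bits, 7, buf);
        printf("-9 as %-22s: %s  (decodes to %d)\n",
               names[mode], buf, decode(bits, 7, mode));
    }
    bits_to_string(ones_complement(0xA, 4), 4, buf);
    printf("1's complement of 1010: %s\n", buf);
    bits_to_string(twos_complement(0xA, 4), 4, buf);
    printf("2's complement of 1010: %s\n", buf);
    return 0;
}
```

The round trip through decode is the point worth noticing: in sign-magnitude and 1's complement the sign bit is separate from the magnitude, while in 2's complement it is part of the number, which is what makes the carry-out discussion on the following pages necessary.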

Page 4

Arithmetic Addition

Adding two signed numbers: need to compare signs and relative magnitudes
Sign + magnitude: as above
Sign + signed 2's complement: add the two numbers including the sign bits, discard any carry out on the left

Example:
 +6   0 000110        +6   0 000110
 +9   0 001001        -9   1 110111
+15   0 001111        -3   1 111101

Page 5

Overflow

Two numbers of n digits each are added and the sum occupies n+1 digits
True for binary or decimal numbers, signed or unsigned
Cannot occur after an addition if one number is positive and the other is negative
Using sign-magnitude representation, the overflow can be detected by the carry out of the magnitude bits
Adding 2's complement numbers, the sign is treated as part of the number, therefore the carry out does not indicate overflow

Page 6

Problems with overflow:
Fixed size registers
Most computers check for register overflow: overflow flip-flop
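Pages 4 to 6 are easiest to see with an adder that reports the carry out and the overflow flag separately. This is an added example for this page, not code from the slides: add_n_bits is a bit-by-bit two's complement adder for an n-bit word, sm_add_same_sign is the sign-magnitude case where the carry out of the magnitude field is the overflow signal, and all names and the sample operand pairs are my own.

```c
#include <stdint.h>
#include <stdio.h>

/* Added example, not from the slides: n-bit addition that reports the carry
   out of the sign bit and the overflow flag separately. Names are my own. */

typedef struct {
    uint32_t bits;       /* n-bit result pattern */
    int32_t  value;      /* the pattern read back as a signed number */
    int      carry_out;  /* carry out of the sign bit (what the slides say to discard) */
    int      overflow;   /* what the hardware's overflow flip-flop would latch */
} add_result;

/* Add a and b as n-bit two's complement numbers (2 <= n <= 31). */
add_result add_n_bits(int32_t a, int32_t b, int n) {
    uint32_t mask = (1u << n) - 1u;
    uint32_t ua = (uint32_t)a & mask, ub = (uint32_t)b & mask;
    uint32_t sum = 0;
    int carry = 0, carry_into_sign = 0;

    for (int i = 0; i < n; i++) {
        int s = (int)((ua >> i) & 1u) + (int)((ub >> i) & 1u) + carry;
        sum |= (uint32_t)(s & 1) << i;
        if (i == n - 1)
            carry_into_sign = carry;   /* the carry arriving at the sign position */
        carry = s >> 1;
    }

    add_result r;
    r.bits = sum;
    r.carry_out = carry;
    /* Overflow iff the carry into the sign bit differs from the carry out of
       it; equivalently, both operands had the same sign and the result's sign
       differs. Operands of opposite sign can never overflow. */
    r.overflow = (carry_into_sign != carry);
    r.value = (sum & (1u << (n - 1))) ? (int32_t)sum - (int32_t)(1u << n)
                                      : (int32_t)sum;
    return r;
}

typedef struct {
    uint32_t magnitude;  /* n-1 magnitude bits of the result */
    int      overflow;   /* carry out of the magnitude field */
} sm_result;

/* Sign-magnitude addition of two operands with the same sign: only the
   magnitudes (n-1 bits) are added, and a carry out of the magnitude field
   is the overflow indication the slides describe. */
sm_result sm_add_same_sign(uint32_t mag_a, uint32_t mag_b, int n) {
    uint32_t mag_mask = (1u << (n - 1)) - 1u;
    uint32_t s = (mag_a & mag_mask) + (mag_b & mag_mask);
    sm_result r = { s & mag_mask, (int)((s >> (n - 1)) & 1u) };
    return r;
}

int main(void) {
    /* Constructed operand pairs for a 7-bit word (range -64..63). */
    struct { int32_t a, b; } cases[] = { {6, 9}, {6, -9}, {-9, 9}, {60, 9}, {-60, -9} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        add_result r = add_n_bits(cases[i].a, cases[i].b, 7);
        printf("%4d + %4d = %4d  carry_out=%d overflow=%d\n",
               cases[i].a, cases[i].b, r.value, r.carry_out, r.overflow);
    }
    return 0;
}
```

The -9 + 9 row produces a carry out with no overflow, and the 60 + 9 row produces an overflow with no carry out, which is the whole reason a two's complement machine needs a separate overflow flag rather than reusing the carry.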

Page 7

C/C++ Data Types

Source: http://hubpages.com/hub/Data-Types-in-C-Language

Page 8

Type Casting

Page 9

Casting Operations

Page 10

Casting Operations

Page 11

Casting Operations

Page 12

Implicit Casting

Page 13

Security Concerns

Page 14

Mitigation

Understand casting (explicit / implicit, sign-extension)

Understand data types (signed / unsigned, range)

Understand operators (upcasting, return types)

Verify user input

Don't depend on your compiler
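The mitigation list above, turned into concrete checks. This is an added example written for this page, not code from the slides: each function checks the range before the arithmetic is performed, so the result does not depend on what the compiler does after a signed overflow. BUF_SIZE, the function names and the test values are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example, not from the slides: the checks behind the mitigation list.
   BUF_SIZE and all function names are my own. */

#define BUF_SIZE 64

/* Data types / range: decide BEFORE adding whether a + b fits in an int.
   Signed overflow is undefined behaviour in C, so a post-hoc test such as
   "if (a + b < a)" may be optimised away; this form never performs the
   overflowing operation. */
bool add_int_overflows(int a, int b) {
    return (b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b);
}

bool safe_add_int(int a, int b, int *out) {
    if (add_int_overflows(a, b))
        return false;
    *out = a + b;
    return true;
}

/* Verify input: element count times element size for an allocation.
   Unsigned arithmetic wraps silently instead of being undefined, so the
   division form is the reliable way to detect it. */
bool mul_size_overflows(size_t count, size_t elem) {
    return elem != 0 && count > SIZE_MAX / elem;
}

bool safe_mul_size(size_t count, size_t elem, size_t *out) {
    if (mul_size_overflows(count, elem))
        return false;
    *out = count * elem;
    return true;
}

/* Operators / upcasting: uint16_t operands are promoted to int, so the sum
   is exact and only the store back into uint16_t would truncate. Check the
   promoted sum before narrowing it. */
bool add_u16_overflows(uint16_t a, uint16_t b) {
    unsigned sum = (unsigned)a + (unsigned)b;
    return sum > UINT16_MAX;
}

bool safe_add_u16(uint16_t a, uint16_t b, uint16_t *out) {
    if (add_u16_overflows(a, b))
        return false;
    *out = (uint16_t)((unsigned)a + (unsigned)b);
    return true;
}

/* Signed / unsigned: a length read from untrusted input as an int. The
   naive check compares int with int, so a negative length is accepted and
   would only turn into a huge size_t later, at the memcpy or malloc call. */
bool length_ok_naive(int len) {
    return len <= BUF_SIZE;
}

/* Corrected: reject negatives first, then compare in the unsigned domain. */
bool length_ok(int len) {
    return len >= 0 && (size_t)len <= BUF_SIZE;
}

/* Copy untrusted data into a fixed buffer only after the length is validated. */
bool copy_input(char dst[BUF_SIZE], const char *src, int len) {
    if (!length_ok(len))
        return false;
    memcpy(dst, src, (size_t)len);
    return true;
}
```

The last point on the list, not depending on the compiler, is why every check here is written as a comparison against a limit rather than as arithmetic followed by a test of the result.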

Page 15

Format string attacks

C/C++ most strongly affected
Not validating user input is the main reason for format string problems
Reading strings from a compromised file is another vulnerability

Page 16

How it affects security

Access control: redirect execution to malicious code
Confidentiality: can expose information about a program that can lead to further exploitation
Integrity: values can be overwritten in memory

Page 17

Summary

Lexical source code scanners can detect the errors
Do use fixed format strings
Do NOT pass user input directly as the format string to string functions
Do avoid using the printf(), scanf() family of functions if you can
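Two of the summary's points in code, as an added example for this page and not code from the slides: format_user_message keeps the format string fixed and passes untrusted text only as a %s argument, and line_has_nonliteral_format is a toy version of the lexical check the summary mentions, flagging printf-family calls whose format argument is not a string literal. The function names, the table of functions and the sample source lines are my own.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example, not from the slides. Names and limits are my own. */

/* Untrusted input never becomes the format string, so any '%' sequences in
   it are copied through unchanged. Writes into a static buffer for brevity. */
const char *format_user_message(const char *user) {
    static char out[256];
    snprintf(out, sizeof out, "user said: %s", user);
    return out;
}

/* printf-family functions and the 1-based position of their format argument. */
static const struct { const char *name; int fmt_arg; } fmt_funcs[] = {
    { "printf", 1 }, { "fprintf", 2 }, { "sprintf", 2 }, { "snprintf", 3 },
    { "syslog", 2 },
};

static int is_ident_char(char c) {
    return isalnum((unsigned char)c) || c == '_';
}

/* Returns 1 if the line calls one of fmt_funcs with a non-literal format
   argument, 0 otherwise. One call per line, no macro or string-content
   awareness: a lexical check, not a parser, so it is a review aid rather
   than proof of safety. */
int line_has_nonliteral_format(const char *line) {
    for (size_t f = 0; f < sizeof fmt_funcs / sizeof fmt_funcs[0]; f++) {
        const char *name = fmt_funcs[f].name;
        size_t len = strlen(name);
        for (const char *p = strstr(line, name); p; p = strstr(p + 1, name)) {
            /* must be a whole identifier immediately followed by '(' */
            if (p != line && is_ident_char(p[-1])) continue;
            if (is_ident_char(p[len])) continue;
            const char *q = p + len;
            while (isspace((unsigned char)*q)) q++;
            if (*q != '(') continue;
            q++;
            /* advance to the format argument by counting top-level commas */
            int arg = 1, depth = 0;
            while (*q && arg < fmt_funcs[f].fmt_arg) {
                if (*q == '(') depth++;
                else if (*q == ')') { if (depth == 0) break; depth--; }
                else if (*q == ',' && depth == 0) arg++;
                q++;
            }
            while (isspace((unsigned char)*q)) q++;
            return *q != '"';
        }
    }
    return 0;
}

int main(void) {
    /* Constructed source lines, not taken from any real project. */
    const char *lines[] = {
        "printf(buf);",
        "printf(\"%s\", buf);",
        "fprintf(stderr, msg);",
        "snprintf(out, sizeof out, \"%d\", n);",
        "int x = puts(buf);",
    };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++)
        printf("%-40s %s\n", lines[i],
               line_has_nonliteral_format(lines[i]) ? "FLAG: non-literal format" : "ok");
    printf("%s\n", format_user_message("50% off %s"));
    return 0;
}
```

In practice the compiler already performs the literal check for the standard functions when built with -Wall -Wformat=2 (GCC and Clang), and a project's own logging wrappers can be covered by declaring them with __attribute__((format(printf, N, M))) so the same warning applies to them.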