Integer Overflow - Building Secure Software - Lecture Slides, Slides of Software Engineering

Some concept of Building Secure Software are Anti-Phishing Software, Architectural Risk Analysis, Awareness And Training, Buffer Overflows , Wikipedia, Building Secure Software, Command Injection, Independence In Multiversion Programming. Main points of this lecture are: Integer Overflow , Bit, Sign Bit, Due, Overflow, Downcasting, Simple, Method Parameters, Safeint, Unsigned

Typology: Slides

2012/2013

Uploaded on 04/26/2013

sharad_984
sharad_984 🇮🇳

4.5

(13)

129 documents

1 / 5

Toggle sidebar

This page cannot be seen from the preview

Don't miss anything!

bg1
Integer Overflow
Docsity.com
pf3
pf4
pf5

Partial preview of the text

Download Integer Overflow - Building Secure Software - Lecture Slides and more Slides Software Engineering in PDF only on Docsity!

Integer Overflow

Overflow example

  • byte b = 120; //0x
  • for(int i = 0; i < 140; i++)
  • System. out.println(b++);
  • Where b = 0x80, b becomes

negative

**-

0 1 2 3**

Overflow Due to Downcasting

  • int test = 128; //0x
  • byte c = (byte) test;//should be 128
  • System.out.printf("byte c should be %d but is %d%n",test, c);
  • if(c == -128)
  • System.out.println("error");
  • The 8-th bit is the sign bit for bytes.
  • Code Output:
  • byte c should be 128 but is -
  • error

Avoiding Overflow

• Use unsigned types when possible

• Check inputs and outputs

– I.e. Adding two positives should not result in

negative

• Make tests as simple as possible, do not try to

be clever

• Set limits on method parameters

• Use David LeBlanc’s SafeInt class (C++)