The case for integer overflow checks?
Guillaume Piolat via Digitalmars-d
digitalmars-d at puremagic.com
Fri Sep 15 08:46:57 UTC 2017
As a die-hard native programmer I was always disgusted by integer
overflow checks and array bounds checks. Littering code with
branches everywhere? Just let me go as fast as possible please!
Last week security people explained to me how a share of today's
vulnerabilities are attacks on image parsers, and how
integer overflow checks may help there.
IIRC a typical attack on an image format parser is to forge an image
with a width and height that will overflow an int.
On allocation, the result of the multiplication wraps around like
this:
int width = parse_width_from_stream();   // eg: 131072
int height = parse_height_from_stream(); // eg: 131073
// width * height * 4 wraps around (2^36 + 2^19 mod 2^32 = 524288),
// so this allocates way less memory than the 68720001024 bytes needed
ubyte[] data = malloc(width * height * 4);
This prepares the program to access data that is outside the truly
allocated area, for example in another block.
The other part of the job is to actually jump into the injected
code, but I've not understood this part (somehow it implied knowing
how the specific allocator works in this case). Somehow integer
overflows are part of sophisticated attacks for which they are a
building block.
If overflow checks happen to be more or less cheap, like
(surprisingly) array bounds checks are, it could be a nice thing
to pay for.
References:
- Integer Overflow into Information Disclosure
http://nullprogram.com/blog/2017/07/19/
- Basic Integer Overflows http://phrack.org/issues/60/10.html
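The allocation-size bug described in the post, written out as an added C example (not code from the post or from any image library), with the wrapping computation beside a checked one. The header field names, the `checked_alloc_size`/`alloc_pixels` helpers and the 1 GiB policy cap are assumptions for illustration; the dimensions are the post's sample values.

```c
/* Added example: the post's wrapping allocation size beside a checked
 * version. Function names and the size cap are hypothetical. */
#include <inttypes.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4u

/* Vulnerable form, as in the post: the product is computed in 32-bit
 * arithmetic and silently wraps. Unsigned wrap is defined in C; the
 * signed int version in the post is undefined behaviour in C and
 * defined to wrap in D, but on common targets both yield the same
 * small number. */
uint32_t wrapped_alloc_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Hardened form: each multiplication is checked before it happens, and
 * the result is also held to a policy limit (max_bytes) so that a
 * product which fits in 64 bits cannot exhaust memory either.
 * Returns false when the dimensions are rejected. */
bool checked_alloc_size(uint32_t width, uint32_t height,
                        size_t max_bytes, size_t *out)
{
    size_t w = width, h = height;
    if (w == 0 || h == 0)
        return false;                  /* degenerate image */
    if (w > SIZE_MAX / h)
        return false;                  /* w * h would overflow size_t */
    size_t pixels = w * h;
    if (pixels > SIZE_MAX / BYTES_PER_PIXEL)
        return false;                  /* pixels * 4 would overflow */
    size_t bytes = pixels * BYTES_PER_PIXEL;
    if (bytes > max_bytes)
        return false;                  /* policy: refuse absurd sizes */
    *out = bytes;
    return true;
}

/* Allocate the pixel buffer only if the size survived the checks. */
uint8_t *alloc_pixels(uint32_t width, uint32_t height, size_t max_bytes)
{
    size_t bytes;
    if (!checked_alloc_size(width, height, max_bytes, &bytes))
        return NULL;
    return calloc(bytes, 1);
}

int main(void)
{
    /* Constructed header values: the post's sample dimensions. */
    uint32_t width = 131072, height = 131073;

    uint32_t wrapped = wrapped_alloc_size(width, height);
    printf("wrapped malloc size: %" PRIu32 " bytes = %" PRIu32
           " pixels = %" PRIu32 " row(s) of %" PRIu32 "\n",
           wrapped, wrapped / BYTES_PER_PIXEL,
           wrapped / BYTES_PER_PIXEL / width, width);
    /* 524288 bytes holds exactly one row; decoding row two already
     * writes past the end of the block. */

    size_t bytes;
    if (checked_alloc_size(width, height, (size_t)1 << 30, &bytes))
        printf("checked: %zu bytes\n", bytes);
    else
        printf("checked: rejected (overflow or above the 1 GiB cap)\n");

    uint8_t *px = alloc_pixels(4096, 4096, (size_t)1 << 30);
    printf("4096x4096: %s\n", px ? "allocated 64 MiB" : "rejected");
    free(px);
    return 0;
}
```

The division-based check is portable; with GCC or Clang the same thing can be written with `__builtin_mul_overflow`. Note that on a 64-bit target the post's dimensions do not overflow `size_t` at all, so the overflow check alone would let a 64 GiB request through to `malloc`; the policy cap is what turns that into a clean rejection.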