The case for integer overflow checks?

Kagamin via Digitalmars-d digitalmars-d at puremagic.com
Fri Sep 15 12:04:27 UTC 2017


On Friday, 15 September 2017 at 08:46:57 UTC, Guillaume Piolat 
wrote:
>     int width = parse_width_from_stream();     // eg: 131072
>     int height = parse_height_from_stream();   // eg: 131073

Do you hope to see such code? Since width can't be negative, a C 
programmer would use an unsigned integer for it, and you can't 
prohibit overflow for an unsigned integer. It is unfixable for array 
length, because unsigned integers are invariably used for length. 
BlueBorne vulnerabilities rely on overflow of unsigned integers 
(for buffer length) to trigger buffer overflow in calls to 
memcpy. But buffer overflow would normally be prevented by bounds 
checks in case of integer overflow. Just have a safer wrapper 
around malloc in your example.
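As an added illustration of the "safer wrapper around malloc" idea (example code, not part of the thread or of any project discussed in it): the first function shows what a decoder computing `width * height` in 32-bit unsigned arithmetic gets for the quoted 131072 x 131073 case, and the rest is a wrapper that refuses to allocate when the product overflows, a dimension is non-positive, or the total exceeds a caller-chosen cap. All function names, the `bytes_per_pixel` parameter and the `max_bytes` cap are assumptions introduced here.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

/* Naive 32-bit unsigned product, as a decoder that computes `width * height`
   in 32-bit arithmetic would: it wraps modulo 2^32 instead of failing.
   The constructed inputs 131072 x 131073 (taken from the quoted post)
   wrap to 131072, i.e. a buffer far smaller than the image it must hold. */
uint32_t naive_u32_size(uint32_t width, uint32_t height) {
    return width * height;
}

/* Overflow-checked multiply: returns 1 and stores a*b in *out, or 0 when the
   product would not fit in size_t. Portable; no compiler builtins required. */
int mul_size_checked(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Byte size of a width x height image with bytes_per_pixel bytes per pixel.
   Returns 1 and stores the size in *out, or 0 when a dimension is
   non-positive, the product overflows size_t, or the total exceeds max_bytes.
   The cap (assumed to be chosen by the caller) also rejects sizes that are
   representable but absurd, such as 131072 x 131073 on a 64-bit target. */
int image_buffer_size(int width, int height, size_t bytes_per_pixel,
                      size_t max_bytes, size_t *out) {
    if (width <= 0 || height <= 0 || bytes_per_pixel == 0) return 0;
    size_t pixels, total;
    if (!mul_size_checked((size_t)width, (size_t)height, &pixels)) return 0;
    if (!mul_size_checked(pixels, bytes_per_pixel, &total)) return 0;
    if (total > max_bytes) return 0;
    *out = total;
    return 1;
}

/* Safer malloc wrapper: NULL on any size-check failure, so a caller can
   never receive a buffer smaller than width * height * bytes_per_pixel. */
void *alloc_image(int width, int height, size_t bytes_per_pixel,
                  size_t max_bytes) {
    size_t total;
    if (!image_buffer_size(width, height, bytes_per_pixel, max_bytes, &total))
        return NULL;
    return malloc(total);
}

int main(void) {
    size_t n = 0;
    /* Constructed values from the quoted post; 1 GiB cap is an assumption. */
    printf("naive 32-bit size: %u\n",
           (unsigned)naive_u32_size(131072u, 131073u));
    printf("checked size accepted: %d\n",
           image_buffer_size(131072, 131073, 1, (size_t)1 << 30, &n));
    return 0;
}
```

The wrapper checks the dimensions before any arithmetic the allocator would see, so the later bounds-checked copy into the buffer is never the only thing standing between a wrapped length and a heap overflow.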

