The case for integer overflow checks?

Guillaume Piolat via Digitalmars-d digitalmars-d at puremagic.com
Fri Sep 15 12:25:10 UTC 2017


On Friday, 15 September 2017 at 12:04:27 UTC, Kagamin wrote:
> Do you hope to see such code? Since width can't be negative, C 
> programmer would use unsigned integer for it, and you can't 
> prohibit overflow for unsigned integer. It is unfixable for 
> array length, because unsigned integers are invariably used for 
> length. Blueborn vulnerabilities rely on overflow of unsigned 
> integers (for buffer length) to trigger buffer overflow in 
> calls to memcopy.

This code isn't to be taken literally, the important bit is that 
silent integer overflow allows this kind of attack.


> But buffer overflow would normally be prevented by bound checks 
> in case of integer overflow.

Well here I don't think so: this attack is used to address a very 
large space, while having a very small actually allocated memory 
space. Bounds would be too large to matter.

> have a safer wrapper around malloc in your example.

That would be calloc.
The point is that it's easy to make the vulnerability disappear, 
once you know about such things and traps. It falls under the 
"unknown unknowns" category of risk most of the time though.
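As an added illustration of the point made in this exchange (example code, not from the thread or the D project), the C below shows the unchecked width*height*bpp size computation wrapping to a tiny value, next to a variant that refuses the allocation when a product would not fit in size_t. Function names and the image dimensions are made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Returns 1 if a*b would overflow size_t, 0 otherwise (product stored in *out). */
int mul_overflows(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return 1;
    *out = a * b;
    return 0;
}

/* Unchecked: the product silently wraps modulo 2^N, so a huge image can
   produce a small (or zero) byte count that a later copy then exceeds. */
size_t unchecked_image_bytes(size_t width, size_t height, size_t bpp) {
    return width * height * bpp;
}

/* Checked: validate every multiplication before sizing the buffer.
   calloc also zero-fills, matching the "safer wrapper" mentioned above. */
void *checked_image_alloc(size_t width, size_t height, size_t bpp) {
    size_t pixels, bytes;
    if (mul_overflows(width, height, &pixels)) return NULL;
    if (mul_overflows(pixels, bpp, &bytes)) return NULL;
    return calloc(bytes, 1);
}

/* Helper for tests: 1 if the checked allocation succeeds (buffer is freed). */
int checked_alloc_ok(size_t width, size_t height, size_t bpp) {
    void *p = checked_image_alloc(width, height, bpp);
    if (p == NULL) return 0;
    free(p);
    return 1;
}

int main(void) {
    /* Constructed hostile dimensions: width = 2^(N-1), height = 2 wraps to 0. */
    size_t huge = (size_t)1 << (sizeof(size_t) * 8 - 1);
    printf("unchecked bytes for hostile header: %zu\n", unchecked_image_bytes(huge, 2, 1));
    printf("checked alloc accepted hostile header: %d\n", checked_alloc_ok(huge, 2, 1));
    printf("checked alloc accepted 640x480x4: %d\n", checked_alloc_ok(640, 480, 4));
    return 0;
}
```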

