The case for integer overflow checks?

Andrei Alexandrescu SeeWebsiteForEmail at
Mon Sep 18 13:25:55 UTC 2017

On 09/15/2017 04:46 AM, Guillaume Piolat wrote:
> As a die-hard native programmer I was always disgusted by integer 
> overflow checks and array bounds checks. Littering code with branches 
> everywhere? Just let me go as fast possible please!
> Last week I was explained by security people how a part of 
> vulnerabilities todays are attacks on image parsers, and how integer 
> overflow checks may help there.
> IIRC a typical attack on image format parser is to forge an image with a 
> width and height that will overflow an int.
> On allocation, the result of the multiplied wraps around like this:
>      int width = parse_width_from_stream();     // eg: 131072
>      int height = parse_height_from_stream();   // eg: 131073
>      ubyte[] data = malloc(width * height * 4); // wraps around, 
> allocates way less memory than that

For the record, with the help of std.experimental.checkedint, the change 
that fixes the code would be:

malloc(width * height * 4) ==> malloc((checked(width) * height * 4).get)

That aborts the application with a message if a multiplication overflows.


More information about the Digitalmars-d mailing list