Skip to main content
Information Security

Questions tagged [integer-overflow]

Ask Question

The tag has no summary.

7 questions
NewestActiveBountiedUnanswered
0votes
1answer
320views

If a library has a vulnerable function, but my code doesn't call it, is my code at risk? Do I need to update?

I am trying to analyze CVE-2023-34453. As per the NVD description, there is an integer overflow error in snappy-java, specifically in the method shuffle(int[] input) in BitShuffle.java. In a huge ...
anonymous's user avatar
anonymous
  • 465
2votes
1answer
560views

Is this malloc wrapper safe?

I am trying to stop integer overflow vulnerabilities by creating a simple wrapper around malloc(3) and related functions. The idea is that it returns a NULL pointer if the amount of required memory ...
matoro's user avatar
matoro
  • 286
0votes
1answer
554views

Exploiting vulnerabilities in the C code

I'm preparing for an introductory information security examination in university and this is one of the examination questions on Secure Programming. In such questions, I would usually catch for ...
Prashin Jeevaganth's user avatar
Prashin Jeevaganth
  • 131
1vote
3answers
5kviews

If x86 architecture has overflow flag in the CPU, then why can't we use it to detect integer overflows in C binaries? [closed]

I'm talking about the overflow flag that is used in some architectures like x86: https://en.wikipedia.org/wiki/Overflow_flag why aren't operating systems using this overflow flag to stop integer ...
OneAndOnly's user avatar
OneAndOnly
  • 410
0votes
1answer
348views

Integer overflow check not detecting some cases

Something very weird happens when I control my code execution to fish out integer overflows. The control program checks the value of the overflow flag using inline assembly. Code: #include <stdio....
AXANO's user avatar
AXANO
  • 899
-1votes
1answer
809views

Is this integer overflow exploitable?

char buffer[100]; char buffer_size[40]; int i; fgets(buffer_size,32,stdin); i = atoi(buffer_size); if(i+1 < 100) if(i>=0) fgets(buffer,i,stdin);
syubelsk1's user avatar
syubelsk1
  • 7
5votes
1answer
5kviews

How does using unsigned integers protect against integer overflow attacks?

In order to avoid problems with integer overflow in C or C++, some people have suggested to use unsigned integers. How can this protect against possible overflow attacks? Doesn't an unsigned integer ...
Fumerian Gaming's user avatar
Fumerian Gaming
  • 173

close