Questions tagged [integer-overflow]
6 questions
4 votes, 1 answer
How does using unsigned integers protect against integer overflow attacks?
In order to avoid problems with integer overflow in C or C++, some people have suggested using unsigned integers. How can this protect against possible overflow attacks? Doesn't an unsigned integer still eventually overflow when incremented beyond…

Fumerian Gaming
2 votes, 1 answer
Is this malloc wrapper safe?
I am trying to stop integer overflow vulnerabilities by creating a simple wrapper around malloc(3) and related functions. The idea is that it returns a NULL pointer if the amount of required memory is too large for the size_t argument (or zero). …

matoro
1 vote, 3 answers
If the x86 architecture has an overflow flag in the CPU, then why can't we use it to detect integer overflows in C binaries?
I'm talking about the overflow flag that is used in some architectures like x86:
https://en.wikipedia.org/wiki/Overflow_flag
Why aren't operating systems using this overflow flag to stop integer overflows?
What is the usage of this overflow flag…

OneAndOnly
0 votes, 1 answer
Exploiting vulnerabilities in the C code
I'm preparing for an introductory information security examination in university and this is one of the examination questions on Secure Programming.
In such questions, I would usually catch for Buffer Overflow or Integer Overflow that lead to other…

Prashin Jeevaganth
0 votes, 1 answer
Integer overflow check not detecting some cases
Something very weird happens when I control my code execution to fish out integer overflows. The control program checks the value of the overflow flag using inline assembly.
Code:
#include
#include
#include
int…

AXANO
-1 votes, 1 answer
Is this integer overflow exploitable?
char buffer[100];
char buffer_size[40];
int i;
fgets(buffer_size,32,stdin);
i = atoi(buffer_size);
if(i+1 < 100)
    if(i>=0)
        fgets(buffer,i,stdin);

syubelsk1