Vulnerability Development mailing list archives

Re: [PAPER]: Integer array overflows.


From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 16 Sep 2003 16:55:16 -0400 (EDT)


vade79,

Thanks for writing this paper.  It's papers like these that help to
increase the awareness of emerging vulnerability classes and solidify
terminology.  Overflows by manipulating array indices have been
reported in the past, but often under the increasingly-generic moniker
"buffer overflow," which no longer adequately describes the nature of
the underlying programming/design bug.

It would be interesting if somebody tackled the difference between
"integer overflows" and "signedness errors," as I've seen the terms
being used interchangeably.


Steve Christey
CVE Editor

