Secure Coding mailing list archives

Previous By Date Next
Previous By Thread Next

Java integer overflows (was: a really long topic)

From: vanderaj at greebo.net (Andrew van der Stock)
Date: Wed, 29 Mar 2006 14:41:17 +1100
I'm not talking arbitrary code execution, I'm talking about odd code  
paths, bizarre outcomes, and DoS.

For example (found via 19 Sins, Viega, Howard and LeBlanc):
http://seclists.org/lists/bugtraq/2004/Nov/0097.html

I know Michael reads webappsec, he may have more examples.

In my own code testing, I look for silly behaviors if a user can  
insert a large or negative number. You'd be surprised how often it  
occurs. There is no excuse not to include basic range checks when  
performing data validation.

thanks,
Andrew

On 29/03/2006, at 2:30 PM, michaelslists at gmail.com wrote:


No you dont.

Arrays are all bounds checked; ..., that is, the following code will
throw an exception:

================================
class Foo {
  static {
    int[] m = new int[2];
    System.out.println(m[34]);
  }
}
================================


What do you mean by "overflow"? Do you mean this?

================================
class Foo {
  static {
    int m = Integer.MAX_VALUE;
    int k = Integer.MAX_VALUE + Integer.MAX_VALUE;
    System.out.println(m);
    System.out.println(k);
    System.exit(0);
  }
}
================================

if so, I don't see how that is an issue.

-- Michael



On 3/29/06, Andrew van der Stock <vanderaj at greebo.net> wrote:

This is not quite true.

Java does not prevent integer overflows (it will not throw an
exception). So you still have to be careful about array indexes.

Andrew


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2234 bytes
Desc: not available
Url : http://krvw.com/pipermail/sc-l/attachments/20060329/344704c4/attachment.bin
Previous By Date Next
Previous By Thread Next

Current thread: