Understanding integer overflow in C/C++

Will Dietz, Peng Li, John Regehr, Vikram Adve

Research output: Contribution to journalArticlepeer-review

Abstract

Integer overflow bugs in C and C++ programs are difficult to track down and may lead to fatal errors or exploitable vulnerabilities. Although a number of tools for finding these bugs exist, the situation is complicated because not all overflows are bugs. Better tools need to be constructed, but a thorough understanding of the issues behind these errors does not yet exist. We developed IOC, a dynamic checking tool for integer overflows, and used it to conduct the first detailed empirical study of the prevalence and patterns of occurrence of integer overflows in C and C++ code. Our results show that intentional uses of wraparound behaviors are more common than is widely believed; for example, there are over 200 distinct locations in the SPEC CINT2000 benchmarks where overflow occurs. Although many overflows are intentional, a large number of accidental overflows also occur. Orthogonal to programmers' intent, overflows are found in both well-defined and undefined flavors. Applications executing undefined operations can be, and have been, broken by improvements in compiler optimizations. Looking beyond SPEC, we found and reported undefined integer overflows in SQLite, PostgreSQL, SafeInt, GNU MPC and GMP, Firefox, LLVM, Python, BIND, and OpenSSL; many of these have since been fixed.

Original languageEnglish (US)
Article number2
JournalACM Transactions on Software Engineering and Methodology
Volume25
Issue number1
DOIs
StatePublished - Nov 2015

Keywords

  • Integer overflow
  • Integer wraparound
  • Undefined behavior

ASJC Scopus subject areas

  • Software

Fingerprint

Dive into the research topics of 'Understanding integer overflow in C/C++'. Together they form a unique fingerprint.

Cite this