Integer Error –”You Can’t Count That High” – CS0

 

Background

Summary:

Integer values that are too large or too small may fall outside the allowable bounds for their data type, leading to unpredictable problems that can both reduce the robustness of your code and lead to potential security problems.

Can't Sleep

Description:

Declaring a variable as type int allocates a fixed amount of space in memory. Most languages include several integer types, including short, int, long, etc., to allow for less or more storage. The amount of space allocated limits the range of values that can be stored. For example, a 32-bit int variable can hold values from -231 through 231-1.

Input or mathematical operations such as addition, subtraction, and multiplication may lead to values that are outside of this range. This results in an integer error or overflow, which causes undefined behavior and the resulting value will likely not be what the programmer intended. Integer overflow is a common cause of software errors and vulnerabilities.

Risk – How Can It Happen?

An integer error can lead to unexpected behavior or may be exploited to cause a program crash, corrupt data, lead to incorrect behavior, or allow the execution of malicious  software.

Example of Occurrence:

If this group reaches 4,294,967,296

1. There is a Facebook group called “If this group reaches 4,294,967,296 it might cause an integer overflow.” This value is the largest number that can fit in a 32 bit unsigned integer. If the number of members of the group exceeded this number, it might cause an overflow. Whether it will cause an overflow or not depends upon how Facebook is implemented and which language is used – they might use data types that can hold larger numbers. In any case, the chances of an overflow seem remote, as roughly 2/3 of the people on earth would be required to reach the goal of more than 4 billion members.

2. On December 25, 2004, Comair airlines was forced to ground 1,100 flights after its flight crew scheduling software crashed. The software used a 16-bit integer (max 32,768) to store the number of crew changes. That number was exceeded due to bad weather that month which led to numerous crew reassignments.

Code Responsibly – How Can I Avoid An Integer Error?

1. Know your limits: Familiarize yourself with the ranges available for each data type. Run Program 1 below to help you learn the sizes.

2. Choose your data types wisely: Many programming languages contain multiple data types for storing integer values. If you have any concerns about the integer values that you will be using, learn about the options available in the language you are using, and choose integer types that are large enough to hold the values you will be using.

3. Validate your input: Check input for range and reasonableness before conducting operations (more on this in later modules).

Laboratory Assignment

Program 1

import java.util.Scanner;

public class IntegerError {

  public static void main(String[] args) {

    Scanner scan = new Scanner(System.in);
    // variable declarations
    int i;
    int j;
    int result;

    System.out.println("Largest integer is "+Integer.MAX_VALUE);
    System.out.println("Smallest integer is "+Integer.MIN_VALUE);

    System.out.print("Input two integer values: ");
    i = scan.nextInt();
    j = scan.nextInt();

    System.out.println("\nYou entered the following values: ");
    System.out.println("Integer: "+ i + " " + j);

    /* comment these lines for now
    result =  i * 10;
    System.out.println("Your number times ten is "+result);
    result =  i + j;
    System.out.println("The sum of your numbers is "+result);
    result =  i * j;
    System.out.println("The product of your numbers is "+result);
    */

  }
}

Lab Questions:

  1. Type* the program above and compile. Run and enter reasonable integer values.
  2. Look at the output. What is the largest possible integer value?
  3. Remove the comment lines: /* and */. Compile and run again.
  4. Try inputting a large number to see if you create an error. Did you get an error when you type in 1 million (1,000,000)? 1 billion (1,000,000,000)? 10 billion (10,000,000,000)? Don’t type the commas when you enter the numbers.
  5. Complete the security checklist for this program.(Print the checklist).
  6. What happens when a program exceeds the largest integer value? Explain.
  7. How could addition result in an integer overflow?
  8. How could multiplication result in an integer overflow?
  9. What operation is most likely to cause an integer overflow?

*Copying and pasting programs may result in syntax errors and other inconsistencies. It is recommended you type each program.

 

Security Checklist

Security Checklist

Vulnerability: Integer Errors Course: CS0  
Check each line of code Completed
1. Underline each occurrence of an integer variable.  
For each underlined variable:  
2. Mark with a V any input operations that assign values to the variable.  
3. Mark with a V any mathematical operations involving the variable.  
4. Mark with a V any assignments made to the variable.  
Highlighted areas indicate vulnerabilities!  
 

Discussion Questions

  1. What is the largest possible value of type int? Explain your answer using the information you read in the Background section.
  2. What happens when the result of an operation on values of type int exceeds this value? Explain.

Further Work (optional – check with your instructor if you need to answer the following questions)

  1. Look up the following info:
    • What is the population of the US?
    • What is the population of the world?
    • What is the national debt?
  2. For which of the above would the integer data type be a problem?
  3. Discuss the Comair problem described above. What are the repercussions of such a problem?

 

 
Copyright © Towson University