Integer Error – “You Can’t Count That High” – CS1
Integer values that are too large or too small may fall outside the allowable bounds for their data type, leading to unpredictable problems that can both reduce the robustness of your code and lead to potential security problems.
Source: Can’t Sleep http://xkcd.com/571/
Declaring a variable as type int allocates a fixed amount of space in memory. Most languages include several integer types including short, int, long, etc. to allow for less or more storage. The amount of space allocated limits the range of values that can be stored. For example, a 32-bit int variable can hold values from -2^31 through 2^31 - 1.
Input or mathematical operations such as addition, subtraction, and multiplication may lead to values that are outside of this range. This results in an integer error or overflow, which causes undefined behavior and the resulting value will likely not be what the programmer intended. Integer overflow is a common cause of software errors and vulnerabilities.
Risk – How Can It Happen?
An integer error can lead to unexpected behavior or may be exploited to cause a program crash, corrupt data, or allow the execution of malicious software.
Example of Occurrence:
- There is a Facebook group called “If this group reaches 4,294,967,296 it might cause an integer overflow.” This value is the largest number that can fit in a 32-bit unsigned integer. If the number of members of the group exceeded this number, it might cause an overflow. Whether it will cause an overflow or not depends upon how Facebook is implemented and which language is used – they might use data types that can hold larger numbers. In any case, the chances of an overflow seem remote, as roughly 2/3 of the people on earth would be required to reach the goal of more than 4 billion members.
- Many Unix operating systems store time values in 32-bit signed (positive or negative) integers, counting the number of seconds since midnight on January 1, 1970. On Tuesday, January 19, 2038, this value will overflow, becoming a negative number. Although the impact of this problem in 2038 is not yet known, there are concerns that software that projects out to future dates – including tools for mortgage payment and retirement fund distribution – might face problems long before then. Source: “Year 2038 Problem” http://en.wikipedia.org/wiki/Year_2038_problem
- On June 4, 1996, an unmanned Ariane 5 rocket launched by the European Space Agency exploded just forty seconds after its lift-off from Kourou, French Guiana. The rocket was on its first voyage, after a decade of development costing $7 billion. The destroyed rocket and its cargo were valued at $500 million. A board of inquiry investigated the causes of the explosion and in two weeks issued a report. It turned out that the cause of the failure was a software error in the inertial reference system. Specifically, a 64-bit floating point number relating to the horizontal velocity of the rocket with respect to the platform was converted to a 16-bit signed integer. The number was larger than 32,767, the largest integer storable in a 16-bit signed integer, and thus the conversion failed.
Code Responsibly – How Can I Avoid An Integer Error?
- Know your limits: Familiarize yourself with the ranges available for each data type. Since the size of data types may be compiler and machine dependent, it is a good idea to run this IntegerCheck program to show you the limits of each variable type.
- Choose your data types carefully: Many programming languages include multiple data types for storing integer values. If you have any concerns about the integer values that you will be using, learn about the options available in the language you are using, and choose integer types that are large enough to hold the values you will be using.
- Validate your input: Check input for ranges and reasonableness before conducting operations (more on this in future modules).
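The practices listed above, shown in Java as an added example that is not part of the original module: each unchecked operation sits beside a checked or widened form that rejects the out-of-range result instead of silently wrapping. The class name SafeIntegerDemo, the helpers toShortExact and divideChecked, and all sample values are assumptions made for illustration.

```java
public class SafeIntegerDemo {
    // Narrow an int to a short only if it fits; otherwise fail loudly
    // instead of letting the cast discard the high-order bits.
    static short toShortExact(int value) {
        if (value < Short.MIN_VALUE || value > Short.MAX_VALUE) {
            throw new ArithmeticException("short overflow: " + value);
        }
        return (short) value;
    }

    // The only int division that overflows is MIN_VALUE / -1.
    static int divideChecked(int dividend, int divisor) {
        if (dividend == Integer.MIN_VALUE && divisor == -1) {
            throw new ArithmeticException("int overflow: " + dividend + " / -1");
        }
        return dividend / divisor;
    }

    public static void main(String[] args) {
        short sh = 20000;  // constructed sample value
        // Unchecked: sh * 10 is computed as an int, then the cast truncates it.
        System.out.println("Unchecked short: " + (short) (sh * 10));
        try {
            System.out.println("Checked short: " + toShortExact(sh * 10));
        } catch (ArithmeticException e) {
            System.out.println("Rejected: " + e.getMessage());
        }

        int big = 2_000_000_000;  // constructed sample value
        System.out.println("Unchecked int: " + (big + big));          // wraps
        System.out.println("Widened to long: " + ((long) big + big)); // larger type
        try {
            System.out.println("Checked int: " + Math.addExact(big, big));
        } catch (ArithmeticException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
        try {
            System.out.println(divideChecked(Integer.MIN_VALUE, -1));
        } catch (ArithmeticException e) {
            System.out.println("Rejected: " + e.getMessage());
        }
        try {
            // Input validation: parseShort refuses text outside the short range.
            Short.parseShort("40000");  // constructed input
        } catch (NumberFormatException e) {
            System.out.println("Rejected input: " + e.getMessage());
        }
    }
}
```

Math.addExact, Math.subtractExact, Math.multiplyExact and Math.toIntExact are standard library methods (Java 8 and later) that throw ArithmeticException on overflow.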
1. Type* the program IntegerCheck from above. Compile and run.
2. Examine the output. What is the largest possible integer value? What is the largest possible short integer?
3. Type* the lines below into the program.
System.out.print("Type an integer value: ");
i = scan.nextInt();
System.out.print("Type a byte value: ");
b = scan.nextByte();
System.out.print("Type a short value: ");
sh = scan.nextShort();
System.out.print("Type a long value: ");
lon = scan.nextLong();
System.out.println("\nYou entered the following values: ");
System.out.println("Integer: " + i);
System.out.println("Byte: " + b);
System.out.println("Short: " + sh);
System.out.println("Long: " + lon);
Compile and run. Enter valid values at each prompt.
4. Run again with “invalid” values. For example, what is the smallest positive value for the short that leads to an error?
5. Add the following lines to the end of the program:
short newsh = (short)(sh * 10);
System.out.println("Ten times " + sh + " is " + newsh);
Enter the value 4000 for the short. Try 3277. Explain the output. What happens when an integer error occurs?
6. Add the following lines to the end of the program:
i = Integer.MAX_VALUE + 1;
System.out.println("Integer Overflow: " + Integer.MAX_VALUE + " + 1 = " +i);
Compile and run. Explain the output.
7. Print the program and the security checklist. Complete the security checklist. Submit marked program and completed checklist.
| Vulnerability: Integer Errors | Course: CS1 |
|---|---|
| Check each line of code | Completed |
| 1. Underline each occurrence of an integer variable. | |
| For each underlined variable: | |
| 2. Mark with a V any input operations that assign values to the variable. | |
| 3. Mark with a V any mathematical operations involving the variable. | |
| 4. Mark with a V any assignments made to the variable. | |
| Highlighted areas indicate vulnerabilities! | |
- In your own words, describe an integer error.
- How could an integer overflow error occur in your program?
- What happens when an integer error occurs?
- Why is multiplication particularly risky?
- Overflow can also occur when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1. Demonstrate this problem by adding the following lines to the end of the above program.
i = Integer.MIN_VALUE/-1;
System.out.println("Integer Overflow: " + Integer.MIN_VALUE + "/-1 = " +i);
Further Work (optional – check with your instructor if you need to answer the following questions)
- For each of the following, give the appropriate Java declaration:
  - Number of students at your college
  - Population of Baltimore (637,455)
  - Population of Maryland (5.6 million)
  - The world population (6.6 billion)
- Name three things you might do in your next program to prevent an integer error from occurring.