# Integer Overflow (Bugs) in C

Discussion in 'C' started by lionaneesh, Jun 16, 2011.

1. ### lionaneeshActive Member

Joined:
Mar 21, 2010
Messages:
848
224
Trophy Points:
43
Occupation:
Student
Location:
India
Integers is a fundamental data type in a C program, They are used to represent a finite subset of mathematical integers, C Provides us with a suite of functions, and quite a lot of modifiers for manipulating these integers , but if these functions and modifiers are not used properly and carefully they can lead top disastrous results like failing of a Program Logic , Security breach , A break in authentication applications etc.

### Integer Overflow

Integer data types in C have a fixed size and limits and which cannot be changed dynamically, This drawback have resulted in a bug commonly known as ‘Integer Overflow bugs’. These bugs are one of the difficult bugs to track down and fix. It happens When an arithmetic operation attempts to create a numeric value that is larger than can be represented within available storage space.

Basically what happens is , As we add 1 to the maximum value than can be represented within a storage space , The integer overflows and resets to the minimum value it can hold .

To make it simple let’s take an example of a odometer (non-digital) an odometer is used to measure distances and it consists of different rings! When odometer reaches its maximum value i.e some 9999’s after that it rolls over to its lowest value i.e 0.

### Demonstration

Bug.c
Code:
```  #include<stdio.h>

int main()
{
int i=0;

scanf("%d",&i);

printf("Value %d" , i);

return(0);
}
```
Compiling :-
Code:
```  gcc Bug.c –o Bug
```
Input : 1

Ouput :-
Code:
```  1
Value 1
```
Input : 2147483648
Code:
```  2147483648
Value -2147483648
```
Boom! See what just happened we have carried a successful Integer overflow attack o our application.

How it happened

I am currently using a 32 bit GCC compiler , with MAXIMUM integer limit set to 2147483647 , So as we add one more to it resets back to its minimum value i.e -2147483648.

This was just an example of how these bugs can be demonstrated , and believe me if you pick up 10 normal C applications and test them for these bugs I guarantee you’ll find at least one of them which is vulnerable.

### A Challenge

In the following challenge, You have to force the application to print the success message.

Code:
```  #include<stdio.h>

void printInt(unsigned int i)
{
if(i > 100)
{
printf("Success ! You did it!\nValue of Int : %u",i);
return(0);
}
}

int main()
{
int i=0;

scanf("%d",&i);

if(i > 100)
{
return(-1);
}
printInt(i);
return(0);
}
```
It may seem impossible at first, Read the article once more check if you are missing something , Read the Code carefully and you’ll get your solution.

Solution (don’t check it , at least before trying) :-

Give the input as ‘-1’
Code:
```  -1
Success ! You did it!
Value of Int : 4294967295
```
That’s all for this tutorial , Stay tuned for more!

2. ### lionaneeshActive Member

Joined:
Mar 21, 2010
Messages:
848
224
Trophy Points:
43
Occupation:
Student
Location:
India
Thanks for accepting my article , I hope the viewers will like it!

3. ### Avenger625New Member

Joined:
Feb 1, 2011
Messages:
20
2
Trophy Points:
0
I understood both of the codes - the Bug.c and the next one. I also understood, why such outputs are shown. But i did not get the link between the problem (Integer Overflow Bug) and the Challenge. I mean is "Challenge" a solution to the Bug.....the two codes are quite different in purpose, you see Bug.c adds and stores a no. into an integer variable that causes an overflow.
I simply could not link the 2 parts of the tutorial. Please, explain.....

And did we specifically use "100"????

Joined:
Mar 21, 2010
Messages:
848