Ranged Integers to beat Integer Overflows

By Paladion

February 7, 2007

A few weeks ago, I read an interesting piece on a proposed change to the C language to combat Integer overflows.
An integer overflow happens when a 32-bit integer variable is assigned a larger number, say a 35-bit number. The variable can't hold this very large number, and usually ignores the left-most 3 bits. In the process, the variable might end up with a very small value. That might lead to unexpected results.
In practice, this is a security issue only if the integer that's overflown is used for memory allocation. Say, the program declares an array of size i, and let's say i is usually a big number. If an attacker overflows i, then i could end up with a low value. The array that's then created is much smaller in size than what the programmer expects. Now, the program might inadvertently write beyond this small array. Like buffer overflows, attackers can execute their shell code with Integer overflows. Here's a famous incident recently.
There is a proposal to modify the C language (Standard ANSI C) to protect against Integer overflows. I don't know if it's a good idea to change the language, but the proposal is interesting. The suggestion is to add a range for integers. When a programmer declares an integer, he can specify the range of values it will take.
In the example below, i can only take a value between 0 to 1000.
int 0...1000 i;
Now, if somebody feeds a bigger value, say 3442 to i, then i will take it as 1000, the maximum value. The C compiler will generate the object code such that the max value for i is 1000. The programmer does not have to validate the input. Or i can't be overflown. This proposal is called Ranged Integers.
C programmers can then write more freely, that's the argument for the change. But of course, none of the old code will benefit from this new feature. Only new code which includes this usage will benefit.
When we learn a language like C, we think it's a fixed, stable language. That's how we learnt it initially, rt.? So it's interesting to see it evolve and defend against real world security threats.

Tags: Uncategorized