[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [OT] Resources to understand integer overflow bugs ?
A bit more ellaborately, I add an example for type mismanagement. I
saw someone wrote a program in yacc, that later I needed to correct.
However almost any similar union will do, if not used correctly. The
different lenghts of these can lead to real troubles. Not very obvious
struct with_many_things in_it;
In my example it was a poor design problem.
On Sat, Jun 29, 2002 at 11:09:12AM -0600, Theo de Raadt wrote:
> > Could someone point me to some easy to understand resources explaining
> > how integer overflow, like the OpenSSH one, occur ?
> Type mismanagement.
> > What I'm looking for is not how to exploit them, but how to avoid and
> > detect them in your own programs, with, for example, case studies of
> > different integer overflow bugs, to be able to recognize them faster.
> Pay attention to types, and use unsigned ints more often.
> That's about it. Yes, it is hard. You expected this to be easy?