Numeric overflow conditions are also referred to in secure-programming literature as numeric overflows, arithmetic overflows, integer overflows, or integer wrapping. Numeric underflow conditions can be referred to as numeric underflows, arithmetic underflows, integer underflows, or integer wrapping. Specifically, the terms “wrapping around a value” or “wrapping below zero” might be used.
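The wrapping described above, shown as an added example that is not taken from the book: unsigned 32-bit arithmetic in C, unchecked, beside checked forms that refuse a result that would wrap around the maximum or below zero. The function names and sample values are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Unchecked: unsigned arithmetic silently wraps modulo 2^32. */
uint32_t unchecked_add(uint32_t a, uint32_t b) { return a + b; }
uint32_t unchecked_sub(uint32_t a, uint32_t b) { return a - b; }

/* Checked forms: return 0 and store the result, or -1 if it would wrap. */
int checked_add(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a > UINT32_MAX - b)
        return -1;              /* would wrap around the maximum value */
    *out = a + b;
    return 0;
}

int checked_sub(uint32_t a, uint32_t b, uint32_t *out)
{
    if (b > a)
        return -1;              /* would wrap below zero */
    *out = a - b;
    return 0;
}

/* Element count times element size, the usual shape of a buffer-size calculation. */
int checked_mul(uint32_t count, uint32_t size, uint32_t *out)
{
    if (size != 0 && count > UINT32_MAX / size)
        return -1;              /* product does not fit in 32 bits */
    *out = count * size;
    return 0;
}

int main(void)
{
    uint32_t r = 0;
    /* Constructed sample values. */
    printf("0xFFFFFFFF + 1 = %u\n", (unsigned)unchecked_add(UINT32_MAX, 1));
    printf("0 - 1          = %u\n", (unsigned)unchecked_sub(0, 1));
    printf("checked_add    -> %d\n", checked_add(UINT32_MAX, 1, &r));
    printf("checked_sub    -> %d\n", checked_sub(0, 1, &r));
    printf("checked_mul    -> %d\n", checked_mul(0x40000000u, 4, &r));
    return 0;
}
```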

Although these conditions might seem as though they would be infrequent or inconsequential in real code, they actually occur quite often, and their impact can be quite severe from a security perspective. The incorrect result of an arith...


Cover of The Art of Software Security Assessment: Identifying and Preventing Software Vulnerabilities


Why Do Overflows and Underflows Matter?