IOC Journal Edition: Highlights

Mon 12/07/15   15:33  in  integer

I’m excited to announce the publication of the journal version of “Understanding Integer Overflow in C/C++”, appearing in TOSEM Volume 25 Issue 1. This is an updated and expanded version of our ICSE12 paper of the same name. The longer journal format enabled a more thorough treatment of the subject, and we did our best to take advantage of that opportunity.

Thanks to my co-authors for all their efforts, and especially for seeing this work through to the end. It’s been a long run and you guys are great.

Read Full Post

Catching pointer overflow bugs

Mon 11/18/13   18:05  in  technical

In all varieties of C/C++, pointer arithmetic is undefined if it overflows. That is to say the following example:

void invalid(char *p) {
  char *q = p + 1;
  printf("%p\n", p - (uintptr_t)q);

invokes undefined behavior as it causes the pointer value to wraparound to the equivalent of -sizeof(char), which is 0xffffffffffffffff on my 64bit system.

Unlike integer overflows which can be dangerous or benign regardless of intention (ICSE12), pointer overflows are very unlikely to be intentional and may be the source of a more serious bug resulting in incorrect behavior or program crashing.

Read Full Post

Undefined Behavior in Binutils Causes Segfault

Mon 08/19/13   14:24  in  integer

As reported on the binutils bugzilla.

No response yet, but should be easy to fix.

Details follow (same as in bug report but easier to read).

Read Full Post