IOC Journal Edition: Highlights
I’m excited to announce the publication of the journal version of “Understanding Integer Overflow in C/C++”, appearing in TOSEM Volume 25 Issue 1. This is an updated and expanded version of our ICSE12 paper of the same name. The longer journal format enabled a more thorough treatment of the subject, and we did our best to take advantage of that opportunity.
Thanks to my co-authors for all their efforts, and especially for seeing this work through to the end. It’s been a long run and you guys are great.
Catching pointer overflow bugs
In all varieties of C/C++, pointer arithmetic is undefined if it overflows. That is, the following example:
#include <stdio.h>
#include <stdint.h>

void invalid(char *p) {
    char *q = p + 1;
    /* pointer minus integer: wraps past the object, undefined (intentional) */
    printf("%p\n", (void *)(p - (uintptr_t)q));
}
invokes undefined behavior as it causes the pointer value to wrap around to the equivalent of -sizeof(char), which is 0xffffffffffffffff on my 64-bit system.
Unlike integer overflows, which can be dangerous or benign regardless of whether they are intentional (ICSE12), pointer overflows are very unlikely to be intentional and may be the source of a more serious bug resulting in incorrect behavior or a program crash.
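A practical consequence of the above is that the common idiom "compute p + n, then check whether it overflowed or ran past the end" is itself the undefined operation, so a compiler is free to delete the check. The following is an added example (not code from the post or the paper) showing a cursor bounds check written as a length comparison instead, so that no out-of-range pointer is ever formed; the names can_advance, advance_checked and demo_buf are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

// Bounds check for a cursor p inside the object [base, end), where end is the
// one-past-the-end pointer of that object. Returns 1 if n more bytes fit.
//
// The tempting forms   if (p + n < p)   or   if (p + n > end)   first form
// p + n, which is undefined when it leaves the object or wraps, exactly the
// situation the test is meant to catch. Comparing lengths avoids that: end - p
// is a well-defined difference as long as both pointers are in the same object.
int can_advance(const char *p, const char *end, size_t n) {
    if (p > end) return 0;              // cursor already outside the object
    return n <= (size_t)(end - p);      // compare lengths, form no new pointer
}

// Advance by n bytes, or return NULL without ever forming an invalid pointer.
// Returning end itself (one past the last byte) is permitted by the language.
const char *advance_checked(const char *p, const char *end, size_t n) {
    return can_advance(p, end, n) ? p + n : NULL;
}

// Constructed 8-byte buffer used by the demonstration below.
char demo_buf[8];

// Convenience wrapper: may the cursor at demo_buf + offset move n bytes?
// (offset must be <= 8 so that the cursor pointer itself is valid.)
int demo_can_advance(size_t offset, size_t n) {
    return can_advance(demo_buf + offset, demo_buf + sizeof demo_buf, n);
}

int main(void) {
    printf("advance 8 from start:   %s\n", demo_can_advance(0, 8) ? "ok" : "refused");
    printf("advance 9 from start:   %s\n", demo_can_advance(0, 9) ? "ok" : "refused");
    printf("advance SIZE_MAX:       %s\n", demo_can_advance(0, SIZE_MAX) ? "ok" : "refused");
    printf("advance 6 from offset 3:%s\n", demo_can_advance(3, 6) ? "ok" : "refused");
    return 0;
}
```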
Undefined Behavior in Binutils Causes Segfault
As reported on the binutils bugzilla.
No response yet, but should be easy to fix.
Details follow (same as in bug report but easier to read).