CSCE 548 Integer Overflows Format String Problem.

Presentation transcript:

CSCE 548 Integer Overflows Format String Problem

Arithmetic Operations
● Number system: base, radix == 7    
● Binary, Octal, Hexadecimal representation
● Fixed point representation
  ● Sign, magnitude, decimal point
● Complements: represent negative numbers
  ● r’s complement -- 2’s complement
  ● (r-1)’s complement – 1’s complement
● 1’s complement of 1010 is ’s complement of 1010 is = 0110

Binary Fixed Point
● Positive number: 0 and the magnitude by a positive binary number
● Negative number: 1 (sign) and
  ● Signed magnitude
  ● Signed 1’s complement
  ● Signed 2’s complement
● +9: : Signed magnitude: Signed 1’s complement: Signed 2’s complement:

Arithmetic Addition
● Adding two signed numbers: need to compare signs and relative magnitudes
● Sign + magnitude: as above
● Sign + signed 2’s complement: add the two numbers and sign bits, discard any carry out on the left
● Example:

Overflow
● Two numbers of n digits each are added and the sum occupies n+1 digits
● True for binary or decimal numbers, signed or unsigned
● Cannot occur after an addition if one number is positive and the other is negative
● Using sign-magnitude representation, the overflow can be detected by the carry out of the number bit
● Adding 2’s complement, the sign is treated as part of the number, therefore the carry out does not indicate overflow

Problems with overflow:
● Fixed size registers
● Most computers check for register overflow → overflow flip-flop

C/C++ Data Types Source:

Type Casting
● Converting an expression of a given type into another type is known as type-casting.
● Implicit
● Explicit
● Example: Unsigned int to Larger unsigned int
  ● Best case (no worries)
  ● (177) → (177)

Casting Operations: Signed int to Larger unsigned int
● Value is first sign-extended, then cast
● Positive numbers behave normally
● Negative numbers may cause unexpected results
● (-67) → (65,457)

Casting Operations: Unsigned int to Same-Size signed int
● Bit pattern is preserved
● New value depends on original sign bit
● (179) → (-77)

Casting Operations: Downcast
● Truncates original value
● Data loss may occur
● Value may become negative
● (2,924) → (108)

Implicit Casting
● Operators may cause implicit casting
● Operators (+,-,*,/,%,&,|,^,&&,||,!) follow these rules:
  ● If either operand is an unsigned long, both are upcast to an unsigned long.
  ● Otherwise, both operands are upcast to an int and the result is an int.
Source: 19 Deadly Sins. Howard, Leblanc, Viega [2005]

Security Concerns
● Integer overflows may lead to buffer overruns
  ● Memory allocation
  ● Array indexing
● Unexpected control flow
● Crash

Mitigation
● Understand casting (explicit / implicit, sign-extension)
● Understand data types (signed / unsigned, range)
● Understand operators (upcasting, return types)
● Verify user input
● Don't depend on your compiler
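The casting and overflow slides above, carried into the two places the Security Concerns slide names (length checks and allocation sizes). This is an added example, not code from the course slides; BUF_SIZE and all function names are hypothetical, and the 179 and 2,924 values are the ones from the casting slides.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 64  /* hypothetical fixed buffer size */

/* Weak: a negative len passes this test, then becomes a huge size_t when
 * handed to memcpy()/read(). Returns 1 if the copy would be allowed. */
int weak_len_check(int len) { return len <= BUF_SIZE; }

/* Hardened: reject negatives before any conversion to an unsigned type. */
int safe_len_check(int len) { return len >= 0 && len <= BUF_SIZE; }

/* Weak: 32-bit unsigned multiplication silently wraps modulo 2^32. */
uint32_t weak_alloc_size(uint32_t count, uint32_t elem) { return count * elem; }

/* Hardened: refuse the request if count * elem would not fit in size_t. */
int checked_alloc_size(size_t count, size_t elem, size_t *out) {
    if (elem != 0 && count > SIZE_MAX / elem) return -1;
    *out = count * elem;
    return 0;
}

/* Hardened signed addition: test against the limits before adding, because
 * signed overflow is undefined behaviour in C. */
int checked_add(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) return -1;
    *out = a + b;
    return 0;
}

/* Conversions from the slides; out-of-range narrowing to a signed type is
 * implementation-defined, and mainstream compilers keep the low bits. */
int8_t same_size_cast(uint8_t v) { return (int8_t)v; }  /* 179 -> -77 */
uint8_t downcast(uint16_t v) { return (uint8_t)v; }      /* 2,924 -> 108 */

int main(void) {
    size_t n;
    printf("len=-1: weak=%d safe=%d\n", weak_len_check(-1), safe_len_check(-1));
    printf("0x40000001 * 4 wraps to %u\n", (unsigned)weak_alloc_size(0x40000001u, 4));
    printf("checked: %d\n", checked_alloc_size(SIZE_MAX / 2 + 1, 2, &n));
    printf("179 -> %d, 2924 -> %u\n", same_size_cast(179), (unsigned)downcast(2924));
    return 0;
}
```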

Format string attacks
● C/C++ most strongly affected
● Not validating user input is the main reason for format string problems
● Reading strings from a compromised file is another vulnerability

How it affects security
● Access Control: Redirect execution to malicious code
● Confidentiality: Can expose information about a program that can lead to further exploitation
● Integrity: Values can be overwritten in memory

Summary
● Lexical source code scanners can detect the errors
● Do use fixed format strings
● Do NOT pass user input directly as the format string to these functions.
● Do avoid using the printf(), scanf() family of functions if you can.
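A minimal lexical check of the kind the summary mentions, flagging printf-family calls whose format argument is not a string literal. This is an added example, not code from the course slides; the function names, the list of scanned functions and the sample source lines are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* printf-family functions and the zero-based position of their format argument. */
static const struct { const char *name; int fmt_pos; } FAMILY[] = {
    {"printf", 0}, {"fprintf", 1}, {"sprintf", 1}, {"snprintf", 2}, {"syslog", 1},
};

/* Start of argument number `pos` in the call text following '(', or NULL. */
static const char *nth_arg(const char *p, int pos) {
    int depth = 0, in_str = 0;
    for (; *p; p++) {
        if (pos == 0 && !isspace((unsigned char)*p)) return p;
        if (in_str) {
            if (*p == '\\' && p[1]) p++;          /* skip escaped character */
            else if (*p == '"') in_str = 0;
        } else if (*p == '"') in_str = 1;
        else if (*p == '(') depth++;
        else if (*p == ')') { if (depth-- == 0) return NULL; }
        else if (*p == ',' && depth == 0) pos--;
    }
    return NULL;
}

/* 1 if the line calls a printf-family function whose format argument does
 * not start with a string literal, else 0. */
int flags_nonliteral_format(const char *line) {
    for (size_t i = 0; i < sizeof FAMILY / sizeof FAMILY[0]; i++) {
        size_t len = strlen(FAMILY[i].name);
        const char *p = line;
        for (; (p = strstr(p, FAMILY[i].name)) != NULL; p += len) {
            int in_ident = p > line && (isalnum((unsigned char)p[-1]) || p[-1] == '_');
            if (in_ident || p[len] != '(') continue;
            const char *arg = nth_arg(p + len + 1, FAMILY[i].fmt_pos);
            if (arg && *arg != '"') return 1;
        }
    }
    return 0;
}

int main(void) {
    /* Constructed sample source lines. */
    const char *samples[] = { "printf(user_input);", "printf(\"%s\", user_input);",
                              "snprintf(buf, sizeof(buf), line);" };
    for (int i = 0; i < 3; i++)
        printf("%d  %s\n", flags_nonliteral_format(samples[i]), samples[i]);
    return 0;
}
```

This is a line-level heuristic: it does not follow macros, calls split across lines, or wide string literals. GCC and Clang perform the same check on the parsed program with `-Wformat -Wformat-security`.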