Wrap-around Error |
Weakness ID: 128 (Weakness Base) | Status: Incomplete |
Description Summary
Scope | Effect |
---|---|
Availability | Wrap-around errors generally lead to undefined behavior, infinite loops, and therefore crashes. |
Integrity | If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur. |
Integrity | A wrap around can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy. |
Requirements specification: The choice could be made to use a language that is not susceptible to these issues. |
Phase: Architecture and Design: Provide clear upper and lower bounds on the scale of any protocols designed. |
Phase: Implementation: Place sanity checks on all incremented variables to ensure that they remain within reasonable bounds. |
Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will fail to recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may "wrap" to very large negative values. |
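The wrap described above and the "sanity check" mitigation, shown side by side as an added example that is not part of the CWE entry. All function names are hypothetical, and the allocation check follows the idea of the MEM07-C mapping listed further down the page.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked: unsigned arithmetic is modulo 2^16 here, so 65535 + 1
 * silently becomes 0 and a loop counter or sequence number restarts. */
static uint16_t next_seq_unchecked(uint16_t seq) {
    return (uint16_t)(seq + 1u);
}

/* Checked increment: refuse to step past the declared upper bound. */
static bool next_seq_checked(uint16_t seq, uint16_t max, uint16_t *out) {
    if (seq >= max) return false;
    *out = (uint16_t)(seq + 1u);
    return true;
}

/* Signed: test before adding; signed overflow is undefined behavior
 * in C, so it cannot be reliably detected after the fact. */
static bool inc_int_checked(int v, int *out) {
    if (v == INT_MAX) return false;
    *out = v + 1;
    return true;
}

/* MEM07-C style: count * size must be representable as size_t. */
static bool alloc_size_checked(size_t count, size_t size, size_t *total) {
    if (size != 0 && count > SIZE_MAX / size) return false;
    *total = count * size;
    return true;
}

/* Fail closed rather than return a buffer smaller than requested. */
static void *alloc_records(size_t count, size_t size) {
    size_t total;
    if (!alloc_size_checked(count, size, &total) || total == 0) return NULL;
    return malloc(total);
}

int main(void) {
    uint16_t s; int i;
    printf("unchecked 65535+1 = %u\n", (unsigned)next_seq_unchecked(UINT16_MAX));
    printf("checked accepted: %d\n", next_seq_checked(UINT16_MAX, UINT16_MAX, &s));
    printf("INT_MAX accepted: %d\n", inc_int_checked(INT_MAX, &i));
    printf("huge alloc: %p\n", alloc_records(SIZE_MAX / 2 + 1, 2));
    return 0;
}
```

Each check runs before the arithmetic, so the out-of-range result is never computed and never reaches a loop bound or an allocation size.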
Ordinality | Description |
---|---|
Primary | (where the weakness exists independent of other weaknesses) |
Nature | ID | Name | View(s) this relationship pertains to |
---|---|---|---|
ChildOf | 189 | Numeric Errors | Development Concepts 699 |
ChildOf | 682 | Incorrect Calculation | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
ChildOf | 742 | CERT C Secure Coding Section 08 - Memory Management (MEM) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
CanPrecede | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Research Concepts 1000 |
PeerOf | 190 | Integer Overflow or Wraparound | Research Concepts 1000 |
The relationship between overflow and wrap-around needs to be examined more closely, since several entries (including CWE-190) are closely related. |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
CLASP | | | Wrap-around error |
CERT C Secure Coding | MEM07-C | | Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t |
CAPEC-ID | Attack Pattern Name | (CAPEC Version: 1.4) |
---|---|---|
92 | Forced Integer Overflow |
Submissions | ||||
---|---|---|---|---|
Submission Date | Submitter | Organization | Source | |
CLASP | Externally Mined | |||
Modifications | ||||
Modification Date | Modifier | Organization | Source | |
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Applicable Platforms, Background Details, Common Consequences, Relationships, Relationship Notes, Taxonomy Mappings, Weakness Ordinalities | ||||
2008-11-24 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2009-10-29 | CWE Content Team | MITRE | Internal | |
updated Common Consequences, Relationships |