Integer Security

Integer overflow and wraparound are a growing and underestimated source of vulnerabilities in C and C++ programs. The CERT Division's Secure Coding team has worked on a number of solutions for addressing the issue of integer security. Previously, the Secure Coding team released open-source code for a secure integer model and published multiple technical reports on integer security.

The As-If Infinitely Ranged (AIR) Integer Model is a largely automated mechanism for eliminating integer overflow and integer truncation. The AIR integer model either produces a value equivalent to one that would have been obtained using infinitely ranged integers or reports a runtime constraint violation. Unlike previous integer models, AIR integers do not require precise traps, and consequently do not break or inhibit most existing optimizations. Instrumented Fuzz Testing Using AIR Integers (of libraries compiled using a prototype AIR integer compiler) has been effective in discovering vulnerabilities in software, with low false positive and false negative rates.

The report Ranged Integers for the C Programming Language introduces the notion of ranged integers, meaning integer types with a defined range of values, described as an extension to the C programming language. A variable of a ranged integer type will always have a value within the defined range as a result of initialization or assignment. Use of ranged integers would help prevent integer overflow errors, resulting in more reliable and secure C programs. The report presents the syntax and semantics of ranged integers, with illustrative examples.