codeql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.qhelp at f4b9efcdce2a1479377bbc683031e00cc872966a · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
<!DOCTYPE qhelp PUBLIC
  "-//Semmle//qhelp//EN"
  "qhelp.dtd">
<qhelp>
<overview>
<p>Performing calculations on user-controlled data can result in integer overflows
unless the input is validated.</p>

<p>If the user is free to enter very large numbers, even arithmetic operations that would usually
result in a small change in magnitude may result in overflows.</p>

</overview>
<recommendation>

<p>Always guard against overflow in arithmetic operations on user-controlled data by doing one of the
following:</p>

<ul>
<li>Validate the user input.</li>
<li>Define a guard on the arithmetic expression, so that the operation is performed only if the
result can be known to be less than, or equal to, the maximum value for the type, for example <code>MAX_VALUE</code>.</li>
<li>Use a wider type, so that larger input values do not cause overflow.</li>
</ul>

</recommendation>
<example>

<p>In this example, a value is read from standard input into an <code>int</code>. Because the value
is a user-controlled value, it could be extremely large. Performing arithmetic operations on this
value could therefore cause an overflow. To avoid this happening, the example shows how to perform
a check before performing a multiplication.</p>

<sample src="ArithmeticTainted.java" />

</example>
<references>

<li>SEI CERT Oracle Coding Standard for Java:
  <a href="https://wiki.sei.cmu.edu/confluence/display/java/NUM00-J.+Detect+or+prevent+integer+overflow">NUM00-J. Detect or prevent integer overflow</a>.</li>


<!--  LocalWords:  CWE
 -->

</references>
</qhelp>