Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.
This weakness will generally lead to undefined behavior and therefore
crashes. In the case of overflows involving loop index variables, the
likelihood of infinite loops is also high.
Integrity
Technical Impact: Modify memory
If the value in question is important to data (as opposed to flow),
simple data corruption has occurred. Also, if the wrap around results in
other conditions such as buffer overflows, further memory corruption may
occur.
Confidentiality
Availability
Access Control
Technical Impact: Execute unauthorized code or commands; Bypass protection mechanism
This weakness can sometimes trigger buffer overflows which can be used
to execute arbitrary code. This is usually outside the scope of a
program's implicit security policy.
Likelihood of Exploit
Medium
Demonstrative Examples
Example 1
The following image processing code allocates a table for
images.
This code intends to allocate a table of size num_imgs; however, as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This results in a very small list being allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119).
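The size calculation described above, next to a checked form, as an added example (not the page's own code). `img_t`, `MAX_IMGS` and the function names are hypothetical, and the unchecked multiplication is done in `uint32_t` to model a 32-bit `size_t` so the wrap is reproducible on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical image record (assumption: the page does not define img_t). */
typedef struct { char pixels[10 * 1024]; } img_t;

/* Assumed application limit on table entries (a clear upper bound). */
#define MAX_IMGS 4096u

/* Unchecked pattern: sizeof(img_t) * num_imgs, modelled with 32-bit
 * unsigned arithmetic. Unsigned overflow is defined to wrap modulo 2^32. */
static uint32_t table_bytes_unchecked(uint32_t num_imgs)
{
    return (uint32_t)sizeof(img_t) * num_imgs;
}

/* Checked pattern: refuse a zero count or a product that cannot fit in
 * size_t. Returns 0 and stores the byte count on success, -1 otherwise. */
static int table_bytes_checked(size_t num_imgs, size_t *bytes)
{
    if (num_imgs == 0 || num_imgs > SIZE_MAX / sizeof(img_t))
        return -1;
    *bytes = num_imgs * sizeof(img_t);
    return 0;
}

/* Hardened allocation: range check first, then the overflow check. */
static img_t *alloc_table(size_t num_imgs)
{
    size_t bytes;
    if (num_imgs > MAX_IMGS || table_bytes_checked(num_imgs, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    uint32_t n = 419431u; /* constructed count: 10240 * n exceeds 2^32 */
    printf("unchecked size for %u images: %u bytes\n",
           (unsigned)n, (unsigned)table_bytes_unchecked(n));
    img_t *t = alloc_table(n);
    printf("hardened allocator: %s\n", t ? "allocated" : "rejected");
    free(t);
    return 0;
}
```

With the constructed count, the unchecked product wraps to less than the size of a single record, while the hardened allocator rejects the request before any memory is touched.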
Potential Mitigations
Requirements specification: The choice could be made to use a language
that is not susceptible to these issues.
Phase: Architecture and Design
Provide clear upper and lower bounds on the scale of any protocols
designed.
Phase: Implementation
Place sanity checks on all incremented variables to ensure that they
remain within reasonable bounds.
Background Details
Due to how addition is performed by computers, if a primitive is
incremented past the maximum value possible for its storage space, the
system will not recognize this, and therefore increment each bit as if it
still had extra space. Because of how negative numbers are represented in
binary, primitives interpreted as signed may "wrap" to very large negative
values.
Weakness Ordinalities
Ordinality: Primary (where the weakness exists independent of other weaknesses)