The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
Extended Description
This can happen in signed and unsigned cases.
Alternate Terms
Integer underflow:
"Integer underflow" is sometimes used to identify signedness errors in
which an originally positive number becomes negative as a result of
subtraction. However, there are cases of bad subtraction in which
unsigned integers are involved, so it's not always a signedness
issue.
"Integer underflow" is occasionally used to describe array index
errors in which the index is negative.
This weakness will generally lead to undefined behavior and therefore
crashes. In the case of overflows involving loop index variables, the
likelihood of infinite loops is also high.
Integrity
Technical Impact: Modify memory
If the value in question is important to data (as opposed to flow),
simple data corruption has occurred. Also, if the wrap around results in
other conditions such as buffer overflows, further memory corruption may
occur.
Confidentiality
Availability
Access Control
Technical Impact: Execute unauthorized code or commands; Bypass protection mechanism
This weakness can sometimes trigger buffer overflows which can be used
to execute arbitrary code. This is usually outside the scope of a
program's implicit security policy.
Demonstrative Examples
Example 1
The following example has an integer underflow. The value of i is
already at the lowest negative value possible. The new value of i is
2147483647.
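An added example, not taken from the original entry: checked subtraction for the signed and unsigned cases described above, plus a length calculation where an unsigned wrap produces an oversized length. The record format, HEADER_LEN and all function names are hypothetical; the signed check runs before the subtraction because signed overflow is undefined behavior in C.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Signed case: refuse a - b when the mathematical result falls outside
 * [INT_MIN, INT_MAX]. The bounds are tested without ever computing an
 * out-of-range value. */
bool checked_sub_int(int a, int b, int *out)
{
    if ((b > 0 && a < INT_MIN + b) || (b < 0 && a > INT_MAX + b))
        return false;
    *out = a - b;
    return true;
}

/* Unsigned case: a - b wraps modulo 2^N whenever b > a. */
bool checked_sub_size(size_t a, size_t b, size_t *out)
{
    if (b > a)
        return false;
    *out = a - b;
    return true;
}

/* Hypothetical record layout: HEADER_LEN header bytes, then the payload. */
#define HEADER_LEN 8u

/* Weak form: a record shorter than the header yields a huge size_t. */
size_t payload_len_unchecked(size_t record_len)
{
    return record_len - HEADER_LEN;
}

/* Hardened form: short records are rejected instead of wrapping. */
bool payload_len_checked(size_t record_len, size_t *out)
{
    return checked_sub_size(record_len, HEADER_LEN, out);
}

int main(void)
{
    int r = 0;
    size_t n = 0;
    printf("INT_MIN - 1 accepted: %d\n", checked_sub_int(INT_MIN, 1, &r));
    printf("unchecked payload length for a 4-byte record: %zu\n", payload_len_unchecked(4));
    printf("checked payload length accepted: %d\n", payload_len_checked(4, &n));
    return 0;
}
```

A length such as the one returned by payload_len_unchecked, passed on to a copy or allocation, is how the wrap around leads to the buffer overflows mentioned under Integrity.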