The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
This can happen in signed and unsigned cases.
"Integer underflow" is sometimes used to identify signedness errors in
which an originally positive number becomes negative as a result of
subtraction. However, there are cases of bad subtraction in which
unsigned integers are involved, so it's not always a signedness

"Integer underflow" is occasionally used to describe array index
errors in which the index is negative.

This weakness will generally lead to undefined behavior and therefore
crashes. In the case of overflows involving loop index variables, the
likelihood of infinite loops is also high.

Technical Impact: Modify memory

If the value in question is important to data (as opposed to flow),
simple data corruption has occurred. Also, if the wrap around results in
other conditions such as buffer overflows, further memory corruption may

Technical Impact: Execute unauthorized code or commands; Bypass protection

This weakness can sometimes trigger buffer overflows which can be used
to execute arbitrary code. This is usually outside the scope of a
program's implicit security policy.

The following example subtracts from a 32 bit signed

    i = -2147483648;
    i = i - 1;

The example has an integer underflow. The value of i is already at the
lowest negative value possible, so after subtracting 1, the new value of
i is 2147483647.
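
Added example, not part of the original entry: a C sketch of the unsigned case mentioned above, where a length shorter than a header wraps to a very large value, shown next to checked subtraction for unsigned and signed operands. HEADER_LEN and all function names are hypothetical; the signed check tests the operands before subtracting because signed overflow is undefined behavior in C.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HEADER_LEN 8u /* hypothetical fixed header size, in bytes */

/* Unchecked: when total_len < HEADER_LEN the result wraps modulo 2^32,
 * so a 4-byte message reports a payload of about 4 GiB. */
uint32_t payload_len_unchecked(uint32_t total_len)
{
    return total_len - HEADER_LEN;
}

/* Checked: reject any length that cannot contain the header. */
bool payload_len_checked(uint32_t total_len, uint32_t *out)
{
    if (total_len < HEADER_LEN)
        return false;
    *out = total_len - HEADER_LEN;
    return true;
}

/* Signed: decide from the operands whether a - b fits in int32_t,
 * and only then perform the subtraction. */
bool sub_int32_checked(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a < INT32_MIN + b) || (b < 0 && a > INT32_MAX + b))
        return false;
    *out = a - b;
    return true;
}

int main(void)
{
    uint32_t n = 0;
    int32_t r = 0;

    /* Constructed inputs: a 4-byte message and the page's i = INT_MIN case. */
    printf("unchecked payload length: %u\n", (unsigned)payload_len_unchecked(4));
    printf("checked payload accepted: %d\n", payload_len_checked(4, &n));
    printf("INT32_MIN - 1 accepted:   %d\n", sub_int32_checked(INT32_MIN, 1, &r));
    return 0;
}
```

A length that later feeds an allocation or copy size should come from the checked form, so a wrapped value is never used as a size.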