» Safe Integer Operations

This my crack at a (quick!) safe integer library for C. The routines are based off of the recommendations at CERT’s secure coding site, but I’m trying to add interfaces that are more appealing to the developer.

Shockingly, integer overflows and sign errors are incredibly common in software still. One normal mistake is to use user-supplied values in multiplicative statements for memory allocation, e.g. malloc(sizeof(giantstruct) * user_int). These sort of error, while seemingly trivial, easily results in exploitable heap overflows.

safe_iop is a simple library that I’m releasing to the public domain which can help with these. Not only does it supply simple integer operation helper functions, it also supplies a more complex interface:

      bool safe_iopf(void *dst, char *format, ...);

This syntax takes in a format char array and performs the specified actions on the remaining arguments. For instance,

      if (!safe_iopf(&result, "++", i, j, k)) {

This gets even trickier by allowing the specification of size and signedness:

      if (!safe_iopf(&result, "u32*s32+", i, j, k)) {

The above case describes an unsigned 32-bit integer multiplication between i and j followed by a signed int32 addition with k.

There are still some kinks to work out and currently only 32-bit integer operations are supported, but I’m hoping this slightly friendlier interface might make software a slight bit better.

Update: see the github project if you have any interest in where this is today. (Likely dormant!)

tags: code - safeint - security

this page does not necessarily reflect the views of my employer or anyone i'm associated with.