C Language Issues Part 2

The document provides an overview of data storage and type conversions in C programming, focusing on signed and unsigned integers, integer promotions, and usual arithmetic conversions. It highlights the importance of understanding type conversions to avoid vulnerabilities, such as signed/unsigned conversions and truncation issues. Additionally, it discusses the rules governing type conversions and their implications in programming practices.

Uploaded by skewfield1377


Canadian Institute for Cybersecurity

Recap

- Data storage overview
- Concept of signed and unsigned integers
- How negative numbers are represented
- Arithmetic boundary conditions
- Type conversion
- How C handles type conversions

When and why?


Type Conversions

How the compiler chooses which type conversions to apply in the context of C expressions, and some of the situations where these type conversions occur.

It involves three important concepts:

• simple conversions,
• integer promotions, and
• usual arithmetic conversions.
Simple Conversions

• Simple conversions are C expressions that use straightforward applications of the conversion rules.

Casts
• As you know, typecasts are C's mechanism for letting programmers specify an explicit type conversion.
Simple Conversions

Assignments
• The compiler must convert the type of the right operand into the type of the left operand. This is where a value silently loses its sign or its high bits when the left operand is narrower, or has a different signedness, than the expression being stored.
Simple Conversions

Function calls
• When a prototype for the function is in scope, each argument is converted to the type of the corresponding parameter, as if by assignment.
Simple Conversions

Function Calls: return

• return does a conversion of its operand to the type specified in the enclosing function's definition.
Integer Promotions

• Integer promotions specify how C takes a narrow integer data type, such as a char or short, and converts it to an int (or, in rare cases, to an unsigned int).

• This up-conversion, or promotion, is used for two different purposes:

  • Certain operators in C require an integer operand of type int or unsigned int.
  • Integer promotions are a critical component of C's rules for handling arithmetic expressions, which are called the usual arithmetic conversions.
Integer Promotions

https://wiki.sei.cmu.edu/confluence/display/c/INT02-C.+Understand+integer+conversion+rules
Integer Promotions

• Some data types, like char and short int, occupy fewer bytes than int.

• These data types are automatically promoted to int or unsigned int when an operation is performed on them. This is called integer promotion.

- No arithmetic calculation happens on smaller types like char, short and enum.
- They are first converted to int or unsigned int, and the arithmetic is then done on the promoted values.
- If an int can represent all values of the original type, the value is converted to an int. Otherwise, it is converted to an unsigned int.
Integer Promotions

• Each integer data type is assigned what is known as an integer conversion rank. These ranks order the integer data types by their width from lowest to highest.

• The signed and unsigned varieties of each type are assigned the same rank.
Integer Promotions

• Basically, any place in C where you can use an int or unsigned int, you can also use any
integer type with a lower integer conversion rank.

• The ranking is based on the concept that each integer type contains at least as many
bits as the types ranked below it.

https://www.open-std.org/jtc1/sc22/wg14/www/docs/n1256.pdf
Integer Promotions

• If you apply the integer promotions to a variable, what happens?

• First, if the variable is not an integer type, the promotions do nothing. Pointers and floating-point values are therefore never altered by them.

• Second, if the variable is an integer type, but its integer conversion rank is greater than or equal to that of an int, the promotions do nothing. Therefore, ints, unsigned ints, long ints and wider integer types do not get altered by the integer promotions; only the narrow types (char, short, bit-fields and the like) are affected.
Usual Arithmetic Conversions

• Rule 1: Floating Points Take Precedence
• Rule 2: Apply Integer Promotions
• Rule 3: Same Type After Integer Promotions
• Rule 4: Same Sign, Different Types
• Rule 5: Unsigned Type Wider Than or Same Width as Signed Type
• Rule 6: Signed Type Wider Than Unsigned Type, Value Preservation Possible
• Rule 7: Signed Type Wider Than Unsigned Type, Value Preservation Impossible
Usual Arithmetic Conversions

Rule 2: Apply Integer Promotions

If you have two operands and neither is a floating-point type, you get into the rules for reconciling integers: the integer promotions are applied to both operands first, and the remaining rules then choose the common type.
Usual Arithmetic Conversions

Rule 2: Apply Integer Promotions

    unsigned short a = 1;
    if ((a - 5) < 0) do_something();

a is converted from an unsigned short to an int, and then an int with a value of 5 is subtracted from it. The resulting value is -4, which is a valid integer value, so the comparison is true.

    unsigned short a = 1;
    a = a - 5;
    if (a < 0) do_something();

The integer promotion still occurs with the (a - 5), but the resulting integer value of -4 is placed back into the unsigned short a. As you know, this causes a simple conversion from signed int to unsigned short, which causes truncation to occur, and a ends up with a large positive value (65532 with a 16-bit unsigned short). Therefore, the comparison does not succeed: a is promoted to int again for the comparison, but it now holds a positive value, so a < 0 can never be true.
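The integer promotion rules and the two forms of the Rule 2 example above, as an added worked example. This is not code from the slides or from the book they follow; the function names are mine, and the comments assume the usual widths (8-bit unsigned char, 16-bit unsigned short, 32-bit int).

```c
#include <stdbool.h>
#include <stddef.h>

/* Added example. Assumes 8-bit unsigned char, 16-bit unsigned short and
 * 32-bit int; function names are made up for illustration. */

/* Every arithmetic operand narrower than int is promoted first, so c + c
 * has type int, not unsigned char. sizeof() does not evaluate its operand,
 * it only reports the type's width. */
size_t promoted_sum_width(void)
{
    unsigned char c = 1;
    return sizeof(c + c);          /* == sizeof(int) */
}

/* The operand of unary ~ is promoted: ~x is computed on the int 0x000000FF
 * and gives 0xFFFFFF00 (-256), so this "all bits cleared" test never fires. */
bool complement_is_zero(unsigned char x)
{
    return ~x == 0;                /* false even for x == 0xFF */
}

/* Correct form: bring the result back to the narrow type before testing. */
bool complement_is_zero_fixed(unsigned char x)
{
    return (unsigned char)~x == 0; /* true for x == 0xFF */
}

/* Shifts promote too: c << 8 is 65280, not 0, because the shift happens in
 * int and no bits fall off the end of an 8-bit type. */
int shift_promoted(unsigned char c)
{
    return c << 8;
}

/* Rule 2 example, first form: (a - 5) is evaluated in int, so the result is
 * the valid negative int -4 and the comparison is true. */
bool first_form_fires(unsigned short a)
{
    return (a - 5) < 0;
}

/* Second form: the int result -4 is assigned back into the unsigned short,
 * a simple conversion that wraps it to 65532 (USHRT_MAX + 1 - 4). The later
 * a < 0 promotes a to int again, but it is now a large positive value, so
 * the comparison can never be true. */
bool second_form_fires(unsigned short a)
{
    a = a - 5;
    return a < 0;
}

/* What a holds after the assignment in the second form, for inspection. */
unsigned short second_form_value(unsigned short a)
{
    a = a - 5;
    return a;                      /* 65532 for a == 1 */
}
```

The `~x` and shift cases are where promotion bites in real code (flag masks, checksums, byte-level parsers): a test written as if the arithmetic happened in the narrow type is silently evaluated in int, and only an explicit cast back to the narrow type restores the intended behaviour.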
Usual Arithmetic Conversions

• Rule 5: Unsigned Type Wider Than or Same Width as Signed Type

The first rule for this situation is that if the unsigned operand is of greater integer conversion rank than the signed operand, or their ranks are equal, you convert the signed operand to the type of the unsigned operand.

    int jim = -5;
    if (jim < sizeof (int))
        do_something();

jim is a signed integer, and sizeof (int) is a size_t, which is an unsigned integer type. Because size_t has an integer conversion rank greater than or equal to that of int, the unsigned type takes precedence by this rule. Therefore, jim is converted to an unsigned integer type, the comparison fails, and do_something() is not called. With a 32-bit size_t, the comparison that actually executes is:

    if (4294967291 < 4)
        do_something();

With a 64-bit size_t, jim becomes 18446744073709551611 instead; the comparison still fails.
Type Conversion Vulnerabilities

• Signed/Unsigned Conversions
• Sign Extension
• Truncation
• Conversion
Signed/Unsigned Conversions

• Most libc routines that take a size parameter have an argument of type
size_t, which is an unsigned integer type.

• This is why you must be careful never to let a negative length field make its
way to a libc routine, such as snprintf(), strncpy(), memcpy(), read(), or strncat().

A negative length is converted to a size_t type for the call to read()
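The Rule 5 comparison (jim < sizeof (int)) and the negative-length check that precedes a read()/memcpy() call, as one added example serving both passages. This is not code from the slides; the function names, BUF_SZ and the constructed inputs are assumptions, and memcpy() stands in for read() so the example runs without a socket. It also shows a subtlety the slides only imply: whether a negative length is caught depends on whether the limit it is compared against is an int or a size_t.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added example; not code from the slides. Function names, BUF_SZ and the
 * constructed inputs are assumptions. memcpy() stands in for read(). */

/* Rule 5: jim is a signed int, sizeof(int) is a size_t. size_t has an integer
 * conversion rank at least that of int, so jim is converted to size_t before
 * the comparison. -5 becomes SIZE_MAX - 4 and "jim < sizeof(int)" is false. */
bool jim_less_than_sizeof_int(int jim)
{
    return jim < sizeof(int);
}

/* The value jim actually takes part in the comparison with. Width dependent:
 * 4294967291 with a 32-bit size_t (the slide's figure), 18446744073709551611
 * with a 64-bit size_t. */
size_t as_size_t(int v)
{
    return (size_t)v;
}

/* Hardened comparison: establish the sign first, then compare as size_t. */
bool jim_less_than_sizeof_int_fixed(int jim)
{
    return jim >= 0 && (size_t)jim < sizeof(int);
}

/* Length checks on an attacker-controlled signed length, as in the read()
 * example. BUF_SZ mirrors a fixed 1024-byte buffer. */
#define BUF_SZ 1024
static char g_buf[BUF_SZ];

/* Pattern 1 (vulnerable): the limit is an int constant, so both operands are
 * int and no conversion happens. A negative length passes the check; the later
 * read()/memcpy() call then converts it to a huge size_t. */
bool int_constant_check_accepts(int len)
{
    return !(len > BUF_SZ);
}

/* Pattern 2: the limit is sizeof(g_buf), a size_t. Rule 5 now converts len to
 * size_t, so a negative length becomes huge and is rejected, but only by
 * accident: swap the sizeof for an int macro and negatives get through again. */
bool sizeof_check_accepts(int len)
{
    return !(len > sizeof(g_buf));
}

/* Hardened copy: reject negatives explicitly, then compare in the unsigned
 * domain with an explicit cast. Returns bytes copied, or -1 on rejection. */
long safe_copy(char *dst, size_t dstsz, const char *src, int len)
{
    if (len < 0 || (size_t)len > dstsz)
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Convenience wrapper over the shared buffer, using a constructed input. */
long demo_copy(const char *src, int len)
{
    return safe_copy(g_buf, sizeof(g_buf), src, len);
}
```

The practical rule that falls out of this: never rely on the implicit conversion to reject a negative length. Check `len < 0` explicitly, then cast to size_t and compare against the destination size, so the behaviour no longer depends on the type of the constant on the other side of the comparison.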


Q. 1: How can type conversion in C result in vulnerabilities, and how can you avoid them?
Q. 2: Were you previously aware of these vulnerabilities? What did you learn from this lesson?
Q. 3: How do you think integer overflow/underflow vulnerabilities can be avoided?