Corgea LogoCorgea Security Hub

CWE-128: Wrap-around Error

Learn about CWE-128 (Wrap-around Error), its security impact, exploitation methods, and prevention guidelines.

What is Wrap-around Error?

• Overview: Wrap-around Error (CWE-128) occurs when a numeric value is incremented beyond its maximum limit, causing it to reset to a minimum, negative, or undefined value due to the limitations of the data type.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by manipulating inputs that cause numeric values to exceed their maximum limits, leading to unexpected behavior.
  • Common attack patterns include overflow attacks where attackers provide large input values to trigger wrap-around and potentially bypass security checks.

• Security Impact:

  • Direct consequences of successful exploitation include incorrect program logic, which can lead to vulnerabilities such as buffer overflows or corrupted data.
  • Potential cascading effects include system crashes, data corruption, or unauthorized access if security checks are bypassed.
  • Business impact may involve data breaches, loss of service availability, or compromised system integrity, leading to financial and reputational damage.

• Prevention Guidelines:

  • Specific code-level fixes include implementing boundary checks to ensure values do not exceed their maximum limits before incrementing.
  • Security best practices involve using safer data types that provide built-in overflow protection and employing rigorous input validation.
  • Recommended tools and frameworks include static analysis tools to detect potential overflow conditions and adopting languages or libraries that provide automatic overflow detection and handling.

Corgea can automatically detect and fix Wrap-around Error in your codebase. Try Corgea free today.

Technical Details

Likelihood of Exploit: Medium

Affected Languages: C, C++

Affected Technologies: Not specified

Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may "wrap" to very large negative values.

Vulnerable Code Example

// This code demonstrates a wrap-around error vulnerability.
// The function attempts to allocate memory based on a user input size,
// but it does not check for overflow, which can lead to an incorrect allocation
// and potential buffer overflow.

#include <stdio.h>
#include <stdlib.h>

void allocateMemory(size_t inputSize) {
    size_t totalSize = inputSize + 10; // Vulnerability: potential wrap-around
    // If inputSize is very large, totalSize may wrap around and become small.
    int *buffer = (int *)malloc(totalSize * sizeof(int)); // Incorrect allocation size
    if (buffer == NULL) {
        fprintf(stderr, "Memory allocation failed\n");
        return;
    }

    // Potential buffer overflow if totalSize is incorrect
    for (size_t i = 0; i < totalSize; i++) {
        buffer[i] = 0;
    }

    // Free the allocated memory
    free(buffer);
}

int main() {
    size_t userInput = SIZE_MAX; // Simulating a large input which causes wrap-around
    allocateMemory(userInput);
    return 0;
}

How to fix Wrap-around Error?

To fix wrap-around errors, always check for potential overflow before performing arithmetic operations that could exceed the limits of the data type. Specifically, for memory allocation, ensure that the arithmetic operation you use to calculate the total memory size does not overflow. This can be done by checking whether the result is greater than the maximum value of the data type or by using safe functions or libraries that handle these checks automatically.

Fixed Code Example

// This code fixes the wrap-around error by adding a check for overflow before performing the allocation.
// We ensure that the arithmetic operation does not exceed the maximum value for size_t.

#include <stdio.h>
#include <stdlib.h>
#include <limits.h>

void allocateMemory(size_t inputSize) {
    // Check if adding 10 to inputSize would cause an overflow
    if (inputSize > SIZE_MAX - 10) {
        fprintf(stderr, "Input size too large, causes overflow\n");
        return;
    }
    size_t totalSize = inputSize + 10;
    int *buffer = (int *)malloc(totalSize * sizeof(int)); // Safe allocation size
    if (buffer == NULL) {
        fprintf(stderr, "Memory allocation failed\n");
        return;
    }

    // Safe use of the buffer
    for (size_t i = 0; i < totalSize; i++) {
        buffer[i] = 0;
    }

    // Free the allocated memory
    free(buffer);
}

int main() {
    size_t userInput = SIZE_MAX; // Simulating a large input
    allocateMemory(userInput);
    return 0;
}

Key Changes:

  • Overflow Check: Added a check before the arithmetic operation to ensure that adding 10 to inputSize does not exceed SIZE_MAX, which prevents wrap-around errors.
  • Safe Arithmetic: By confirming inputSize is within a safe range, we ensure that totalSize is calculated correctly and does not wrap around.
  • Improved Comments: Comments have been added to clearly explain the vulnerability and the fix.
  • Proper Syntax Highlighting: Corrected the syntax highlighting specification for C language and line number formatting.

This approach prevents the allocation from occurring if it would result in an overflow, thereby avoiding potential vulnerabilities related to memory allocation and buffer overflow.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-128: Wrap-around Error and get remediation guidance

Start for free and no credit card needed.