CWE-192: Integer Coercion Error
Learn about CWE-192 (Integer Coercion Error), its security impact, exploitation methods, and prevention guidelines.
What is Integer Coercion Error?
• Overview: Integer Coercion Error occurs when there are flaws in type casting, extending, or truncating primitive data types, leading to unexpected behavior in software applications.
• Exploitation Methods:
- Attackers can exploit this vulnerability by manipulating data inputs to cause incorrect type casting, leading to unexpected results.
- Common attack patterns include triggering buffer overflows or manipulating arithmetic operations to bypass security checks.
• Security Impact:
- Direct consequences include availability issues and data integrity problems.
- Potential cascading effects include leading to more severe vulnerabilities such as buffer overflows.
- Business impact can be significant, including data corruption, application crashes, and potential unauthorized access.
• Prevention Guidelines:
- Specific code-level fixes include validating all inputs and using safe casting functions.
- Security best practices involve using appropriate data types and ensuring bounds checking during type conversions.
- Recommended tools and frameworks include static analysis tools that can detect improper type casting and coercion errors.
Corgea can automatically detect and fix Integer Coercion Error in your codebase. Try Corgea free today.
Technical Details
Likelihood of Exploit:
Affected Languages: C, C++, Java, C#
Affected Technologies: Not specified
Vulnerable Code Example
// This function attempts to sum elements of an array and return the result.
// Vulnerable to integer coercion error when casting a larger integer type to a smaller one.
#include <stdio.h>
int sum_array(int *arr, int size) {
long sum = 0;
for (int i = 0; i < size; i++) {
sum += arr[i];
}
// Vulnerable line: casting long to int can cause overflow or data loss
return (int)sum;
}
int main() {
int values[] = {1000000, 2000000, 3000000};
int result = sum_array(values, 3);
printf("Sum: %d\n", result);
return 0;
}
In this vulnerable code example, the sum_array function calculates the sum of an integer array and returns it as an int. However, if the sum exceeds the range of int, the cast from long to int can cause overflow, leading to incorrect results.
How to fix Integer Coercion Error?
To fix the integer coercion error, ensure that the destination integer type can accommodate the values of the source type to prevent overflow and truncation. In this example, the sum variable is of type long, which can hold larger values than int. When casting long to int, if the long value exceeds the maximum value representable by int, it results in overflow, causing incorrect results.
To fix this issue:
- Use consistent types: If you expect the sum to exceed the range of
int, uselongas the return type instead ofint. - Check for overflow: Before casting, ensure that the value is within the range of the target type.
- Alternatively, avoid casting: Use the same data type for both the computation and the return value if possible.
Fixed Code Example
// Fixed version of the sum_array function, avoiding the coercion error by using consistent data types
#include <stdio.h>
long sum_array(int *arr, int size) {
long sum = 0;
for (int i = 0; i < size; i++) {
sum += arr[i];
}
// Avoid coercion by returning a long type directly
return sum;
}
int main() {
int values[] = {1000000, 2000000, 3000000};
// Correctly handle the larger sum by using a matching type
long result = sum_array(values, 3);
printf("Sum: %ld\n", result); // Use %ld to print a long integer
return 0;
}
In the fixed code, the function sum_array now returns a long type, which is consistent with the sum variable's type. This avoids the coercion error entirely by ensuring that no downcasting occurs. The main function is also updated to handle the return type correctly, using long and printing it with %ld. This change ensures that the program correctly handles large sums without risking overflow or data loss.