...
Operator | Overflow |
| Operator | Overflow |
| Operator | Overflow |
| Operator | Overflow |
|---|---|---|---|---|---|---|---|---|---|---|
+ | yes |
| -= | yes |
| << | yes |
| < | no |
- | yes |
| *= | yes |
| >> | yes |
| > | no |
* | yes |
| /= | yes |
| & | no |
| >= | no |
/ | yes |
| %= | yes no |
| | | no |
| <= | no |
% | yes no |
| << | yes |
| ^ | no |
| == | no |
++ | yes |
| >>= | yes |
| ~ | no |
| != | no |
- | yes |
| &= | no |
| ! | no |
| && | no |
= | no |
| |= | no |
| un + | no |
| || | no |
+= | yes |
| ^= | no |
| un - | yes |
| ?: | no |
...
The following code can result in a signed integer overflow during the division of the signed operands sl1 and sl2 or in a divide-by-zero error. If this behavior is unanticipated, the resulting value may be used to allocate insufficient memory for a subsequent operation or in some other manner which could lead to an exploitable vulnerability.
...
Integer overflow can lead to buffer overflows and the execution of arbitrary code by an attacker.
References
- ISO/IEC 9899-1999 Section 6.5 Expressions
- Seacord 05 Chapter 5 Integers
- Warren 02 Chapter 2 Basics