Linux (x86) Exploit Development Series 2: Integer Overflow


What is Integer Overflow?

Storing a value greater than the maximum value a data type supports is called integer overflow. Integer overflow on its own doesn't lead to arbitrary code execution, but it can lead to a stack overflow or heap overflow, which could result in arbitrary code execution.

 

Data type sizes and ranges:

datatype    size (bytes)    unsigned_range       signed_range
char        1               0 to 255             -128 to 127
short       2               0 to 65535           -32768 to 32767
int         4               0 to 4294967296      -2147483648 to 2147483647

 

Integer underflow

Similarly, storing a value less than the minimum supported value is called integer underflow. For example, when we try to store -2147483649 in a signed int, it gets wrapped around and stored as 2147483647. This is called integer underflow.

 

strlen()’s return type is size_t (unsigned int)
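
Why the width of strlen()'s return type matters, as an added example (not code from the original article): a length check that narrows size_t to one byte accepts an over-long string, while the full-width check rejects it, and a range-checked addition refuses the wraparound described under integer underflow. The function names, the 4 to 8 character policy and the sample lengths are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MIN_LEN 4   /* assumed policy: accept 4 to 8 characters */
#define MAX_LEN 8

/* Flawed: strlen() returns size_t, but the result is kept in 1 byte,
 * so the stored value is the real length modulo 256. */
int length_ok_narrow(const char *s)
{
    unsigned char len = (unsigned char)strlen(s);
    return len >= MIN_LEN && len <= MAX_LEN;
}

/* Hardened: compare the full-width size_t, no narrowing. */
int length_ok_wide(const char *s)
{
    size_t len = strlen(s);
    return len >= MIN_LEN && len <= MAX_LEN;
}

/* Range-checked signed addition: returns 0 and stores the sum in *out,
 * or returns -1 when the sum would fall outside [INT_MIN, INT_MAX]. */
int checked_add(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return -1;
    *out = a + b;
    return 0;
}

/* Constructed sample input: n 'A' characters written into buf. */
const char *fill(char *buf, size_t n)
{
    memset(buf, 'A', n);
    buf[n] = '\0';
    return buf;
}

int main(void)
{
    char buf[512];
    int r = 0;
    printf("len 6:   narrow=%d wide=%d\n", length_ok_narrow(fill(buf, 6)), length_ok_wide(buf));
    printf("len 261: narrow=%d wide=%d\n", length_ok_narrow(fill(buf, 261)), length_ok_wide(buf));
    printf("INT_MIN + (-1) rejected: %d\n", checked_add(INT_MIN, -1, &r) == -1);
    return 0;
}
```

A 261-character string is stored as length 5 in the one-byte variable (261 modulo 256), which is why the narrow check passes it.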
