SV.INT_OVF
Tainted data may lead to Integer Overflow
This error appears when tainted data can be traced to arithmetical operations.
As of release 2023.2, this checker supports Jakarta EE.
Vulnerability and risk
Integer overflow may fail some important security checks, which can lead to privilege escalation, or can lead to denial-of-service (DoS) attacks. For example, a loop counter can lead to infinitive or very long loops, or to excessive memory allocation, if large numbers of objects are requested. All operations can lead to problems, not just addition and multiplication.
Klocwork security vulnerability (SV) checkers identify calls that create potentially dangerous data; these calls are considered unsafe sources. An unsafe source can be any data provided by the user, since the user could be an attacker or has the potential for introducing human error.
Mitigation and prevention
Make sure any int values you process are in the correct range and, if they are expecting size values, always check that the values are not negative and check again the allowable top limit.
Vulnerable code example 1
import javax.servlet.http.*;
protected void doPost(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException {
String amount = req.getParameter("creditAmount");
int value = Integer.parseInt(amount);
int prevCreditBalance = getCreditBalance(req
.getParameter("user"));
// maximum credit is 5000
if (prevCreditBalance + value > 5000) {
// transaction
dosomething();
}
// ...
}
Klocwork produces the following report:
com/klocwork/examples/Example_117.java:10:Severe(2): SV.INT_OVF: Tainted data value from getParameter().$RET used in arithmetic operation '+' can cause integer overflow or unexpected result -> getParameter().$RET at com/klocwork/examples/Example_117.java:5 -> amount at com/klocwork/examples/Example_117.java:5 10 -> parseInt().$RET at com/klocwork/examples/Example_117.java:6 -> value at com/klocwork/examples/Example_117.java:6 10
Vulnerable code example 2
import jakarta.servlet.http.*;
protected void doPost(HttpServletRequest req,
HttpServletResponse resp) throws ServletException,
IOException {
String amount = req.getParameter("creditAmount");
int value = Integer.parseInt(amount);
int prevCreditBalance = getCreditBalance(req
.getParameter("user"));
// maximum credit is 5000
if (prevCreditBalance + value > 5000) {
// transaction
dosomething();
}
// ...
}
Klocwork produces the following report:
com/klocwork/examples/Example_117.java:10:Severe(2): SV.INT_OVF: Tainted data value from getParameter().$RET used in arithmetic operation '+' can cause integer overflow or unexpected result -> getParameter().$RET at com/klocwork/examples/Example_117.java:5 -> amount at com/klocwork/examples/Example_117.java:5 10 -> parseInt().$RET at com/klocwork/examples/Example_117.java:6 -> value at com/klocwork/examples/Example_117.java:6 10
External guidance
Security training
Application security training materials provided by Secure Code Warrior.
Extension
This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.