4

Can anyone please explain why sign extension errors in C and C++ programs carry high security risks?

I've read that sign extension errors "can often create buffer overflows and other memory based problems".

I read this article on Google,

http://minsky.gsi.dit.upm.es/semanticwiki/index.php/Sign_extension_error

But I could not understand how this affects an application. How can an attacker exploit this type of vulnerability?

Thanks in advance,

suspectus
Dev.K.

1 Answer

3

A good example is using a char as an index into a table. The type of char in C can be signed, so any character code > 0x7F will be extended to a negative index into the table. This is equivalent to a buffer overflow attack. C would have been better off with unsigned char as the default.

stark
  • Usually an int is used as an index, so "C would have been better off with unsigned char" doesn't really apply. – Devolus Jan 19 '14 at 16:01
  • I don't call this sign extension. It's merely the correct value of the expression. Sign extension is a *change in value* that happens when you convert a signed type to a wider unsigned type. Like Diti's example. – R.. GitHub STOP HELPING ICE Jan 19 '14 at 16:04
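The table-index case from the answer and the widening case from the last comment, as an added example that is not part of the original thread. The table, the function names and the input value are constructed for illustration; the flawed index is only computed, never dereferenced, so the program stays well-defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_SIZE 256

/* Constructed table: entry i holds i, so a correct lookup is easy to verify. */
static unsigned char table[TABLE_SIZE];

static void init_table(void) {
    for (int i = 0; i < TABLE_SIZE; i++)
        table[i] = (unsigned char)i;
}

/* Index as flawed code computes it: a signed char promoted to int keeps
   its sign, so any byte above 0x7F becomes a negative index. */
static int flawed_index(signed char c) { return c; }

/* Upper-bound-only check, a common mistake: a negative index passes it
   and would address memory before the start of the table. */
static int flawed_check_passes(signed char c) {
    return flawed_index(c) < TABLE_SIZE;
}

/* Conversion to a wider unsigned type: the sign bit is replicated, so a
   small negative value becomes a huge length or offset. */
static size_t widened(signed char c) { return (size_t)c; }

/* Hardened lookup: convert to unsigned char first, so the index is
   always in 0..255 whatever the platform's char signedness is. */
static int safe_lookup(char c) { return table[(unsigned char)c]; }

int main(void) {
    signed char c = -128; /* constructed input: byte 0x80 held in a signed char */
    init_table();
    printf("flawed index:             %d\n", flawed_index(c));
    printf("upper-bound check passes: %d\n", flawed_check_passes(c));
    printf("widened to size_t:        %zu\n", widened(c));
    printf("safe lookup:              %d\n", safe_lookup((char)c));
    return 0;
}
```

Compilers can flag both patterns: GCC and Clang provide `-Wchar-subscripts` for a `char` array subscript and `-Wsign-conversion` for the implicit signed-to-unsigned widening.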