Description
CWE: 191 Integer Underflow
BadSource: min — Set data to the minimum value for byte
GoodSource: A hardcoded non-zero, non-min, non-max, even number
Sinks: sub
GoodSink: Ensure there will not be an underflow before subtracting 1 from data
BadSink : Subtract 1 from data, which can cause an Underflow
Flow Variant: 17 Control flow: for loops
Trace
CWE191_Integer_Underflow__byte_min_predec_17.java, line 33
- CWE-191 Integer Underflow (Wrap or Wraparound)
CWE191_Integer_Underflow__byte_min_predec_17.java, line 38
- CWE-191 Integer Underflow (Wrap or Wraparound)
/* TEMPLATE GENERATED TESTCASE FILE
Filename: CWE191_Integer_Underflow__byte_min_predec_17.java
Label Definition File: CWE191_Integer_Underflow.label.xml
Template File: sources-sinks-17.tmpl.java
*/
/*
* @description
* CWE: 191 Integer Underflow
* BadSource: min — Set data to the minimum value for byte
* GoodSource: A hardcoded non-zero, non-min, non-max, even number
* Sinks: decrement
* GoodSink: Ensure there will not be an underflow before decrementing data
* BadSink : Decrement data, which can cause an Underflow
* Flow Variant: 17 Control flow: for loops
*
* */
package testcases.CWE191_Integer_Underflow.s05;
import testcasesupport.*;
public class CWE191_Integer_Underflow__byte_min_predec_17 extends AbstractTestCase
{
    /**
     * Bad variant: the source assigns the smallest byte value and the sink
     * pre-decrements it with no range check. Java byte arithmetic wraps
     * silently, so {@code --data} on {@code Byte.MIN_VALUE} (-128) produces
     * {@code Byte.MAX_VALUE} (127) instead of failing.
     *
     * @throws Throwable propagated from the test-support I/O helper
     */
    public void bad() throws Throwable
    {
        byte data;
        /* The source is assigned outside the loop so that the compiler
         * treats data as definitely initialised at the sink.
         */
        /* POTENTIAL FLAW: Use the minimum value of the data type */
        data = Byte.MIN_VALUE;
        for (int pass = 0; pass < 1; pass++)
        {
            /* POTENTIAL FLAW: if data == Byte.MIN_VALUE, this decrement wraps
             * around to Byte.MAX_VALUE (integer underflow) */
            byte result = --data;
            IO.writeLine("result: " + result);
        }
    }

    /**
     * goodG2B(): good source feeding the bad sink. The hardcoded value 2 is
     * far from the byte range limits, so the unchecked decrement cannot wrap.
     *
     * @throws Throwable propagated from the test-support I/O helper
     */
    private void goodG2B() throws Throwable
    {
        byte data;
        /* FIX: Use a hardcoded number that won't cause underflow, overflow,
         * divide by zero, or loss-of-precision issues */
        data = 2;
        for (int pass = 0; pass < 1; pass++)
        {
            /* POTENTIAL FLAW: if data == Byte.MIN_VALUE, this decrement wraps
             * around to Byte.MAX_VALUE (integer underflow) */
            byte result = --data;
            IO.writeLine("result: " + result);
        }
    }

    /**
     * goodB2G(): bad source feeding the good sink. The sink rejects the
     * minimum byte value before decrementing, so no wraparound can occur.
     *
     * @throws Throwable propagated from the test-support I/O helper
     */
    private void goodB2G() throws Throwable
    {
        byte data;
        /* POTENTIAL FLAW: Use the minimum value of the data type */
        data = Byte.MIN_VALUE;
        for (int pass = 0; pass < 1; pass++)
        {
            /* FIX: Add a check to prevent an underflow from occurring */
            if (data <= Byte.MIN_VALUE)
            {
                IO.writeLine("data value is too small to decrement.");
            }
            else
            {
                byte result = --data;
                IO.writeLine("result: " + result);
            }
        }
    }

    /**
     * Runs both good variants (good source/bad sink and bad source/good sink).
     *
     * @throws Throwable propagated from the individual good variants
     */
    public void good() throws Throwable
    {
        goodG2B();
        goodB2G();
    }

    /* Below is the main(). It is only used when building this testcase on
     * its own for testing or for building a binary to use in testing binary
     * analysis tools. It is not used when compiling all the testcases as one
     * application, which is how source code analysis tools are tested.
     */
    public static void main(String[] args) throws ClassNotFoundException,
            InstantiationException, IllegalAccessException
    {
        mainFromParent(args);
    }
}