Solved

Please explain the real risk presented by "arithmetic overflows"

Posted on 2004-08-11
4
171 Views
Last Modified: 2010-04-15
I am interested in using NETPBM to resize images "on-the-fly" for my dynamic web pages.

           http://netpbm.sourceforge.net/

According to its documentation, Netpbm is full of arithmetic overflows.
See
          http://netpbm.sourceforge.net/overflow.html

Quote:
As is common in C programming, many Netpbm programs were written with the assumption that inputs aren't such that they cause the program to attempt to compute values that cannot be represented in the data structure the program uses. For example, you might supply an input image that is 1 million columns wide by 1 million rows tall. The program might naively attempt to multiply those values together and represent the result in a 32 bit integer structure. Since the real product is too large to represent in 32 bits, the naive C code actually computes a different number, without recognizing any kind of error.

Such an overflow can cause an untold variety of program failures. A typical example is that the program uses the bogus number as the amount of storage that needs to be allocated for an array. It thus allocates too little storage for the array. A subsequent reference to an element in the array thus references arbitrary storage that has nothing to do with that array.

*****This could conceivably be a security exposure. *******

My question is this: what is the REAL risk of using this package?  Could it be a memory hog?  Could it make things slow over time?  Could it open my system up to hackers?  Or is this a theoretical problem that would have no practical implications for me?

Please explain the real risk of using a package with "arithmetic overflows"

Thanks

0
Comment
Question by:hankknight
  • 2
4 Comments
 
LVL 22

Accepted Solution

by:
grg99 earned 250 total points
ID: 11771696
Lots of bad things could happen.  Here's one example:

the bad image passes in an image size that overflows 16-bits and wraps around to a small number:

Example:   an image of (hex)  1020 x 1020 when multiplied gives a result of 10000400.  The sizten-bit truncation of this is just 0400.  So the code is likely to just allocate 400 hex (1024 decimal) bytes for the image.   But as soon as the image gets plopped into place, it's going to overwrite waay past the end of the 1024 byte array (by megabytes).  it could overwrite other data, or worse yet, code, with whatever is in the image, which golly, might not be an image at all, but carefully written code that could do anything at all to your computer (depending on what priviledge level the code is running at).   So you could easily lose the computer.

If you must use that code, see if your web server will let you run that code at a reduced privilidge level.  It definitely shouldnt run as Administrator, or have write permission to any file system.  And it should have very restrictive quotas (if your OS lets you set them).  Give it as little memory and CPU time quotas as it needs, and no more.



0
 
LVL 46

Assisted Solution

by:Sjef Bosman
Sjef Bosman earned 250 total points
ID: 11772096
1040400 !

And any modern O/S protects code from being overwritten, since code is usually stored in read-only segments. Dataspace, i.e. the data, heap and stack areas, can indeed be overwritten and your program may crash. So hopefully you will be producing good images, but you might end up weird images or nothing at all.
0
 
LVL 16

Author Comment

by:hankknight
ID: 11772220
Oh my-- it doesn't sound woth the risk . . .

There are other image tools out there that have also been created with C, including VIPS and (I think) ImageMagick.  How can I find out if these have overflow problems too?
0
 
LVL 16

Author Comment

by:hankknight
ID: 11784132
Thanks
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

Preface I don't like visual development tools that are supposed to write a program for me. Even if it is Xcode and I can use Interface Builder. Yes, it is a perfect tool and has helped me a lot, mainly, in the beginning, when my programs were small…
This tutorial is posted by Aaron Wojnowski, administrator at SDKExpert.net.  To view more iPhone tutorials, visit www.sdkexpert.net. This is a very simple tutorial on finding the user's current location easily. In this tutorial, you will learn ho…
Video by: Grant
The goal of this video is to provide viewers with basic examples to understand and use for-loops in the C programming language.
The goal of this video is to provide viewers with basic examples to understand opening and reading files in the C programming language.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now