Please explain the real risk presented by "arithmetic overflows"

Posted on 2004-08-11
Last Modified: 2010-04-15
I am interested in using NETPBM to resize images "on-the-fly" for my dynamic web pages.


According to its documentation, Netpbm is full of arithmetic overflows.

As is common in C programming, many Netpbm programs were written with the assumption that inputs aren't such that they cause the program to attempt to compute values that cannot be represented in the data structure the program uses. For example, you might supply an input image that is 1 million columns wide by 1 million rows tall. The program might naively attempt to multiply those values together and represent the result in a 32 bit integer structure. Since the real product is too large to represent in 32 bits, the naive C code actually computes a different number, without recognizing any kind of error.

Such an overflow can cause an untold variety of program failures. A typical example is that the program uses the bogus number as the amount of storage that needs to be allocated for an array. It thus allocates too little storage for the array. A subsequent reference to an element in the array thus references arbitrary storage that has nothing to do with that array.

*****This could conceivably be a security exposure. *******

My question is this: what is the REAL risk of using this package?  Could it be a memory hog?  Could it make things slow over time?  Could it open my system up to hackers?  Or is this a theoretical problem that would have no practical implications for me?

Please explain the real risk of using a package with "arithmetic overflows"


Question by:hankknight
  • 2
LVL 22

Accepted Solution

grg99 earned 250 total points
ID: 11771696
Lots of bad things could happen.  Here's one example:

the bad image passes in an image size that overflows 16-bits and wraps around to a small number:

Example:   an image of (hex)  1020 x 1020 when multiplied gives a result of 10000400.  The sizten-bit truncation of this is just 0400.  So the code is likely to just allocate 400 hex (1024 decimal) bytes for the image.   But as soon as the image gets plopped into place, it's going to overwrite waay past the end of the 1024 byte array (by megabytes).  it could overwrite other data, or worse yet, code, with whatever is in the image, which golly, might not be an image at all, but carefully written code that could do anything at all to your computer (depending on what priviledge level the code is running at).   So you could easily lose the computer.

If you must use that code, see if your web server will let you run that code at a reduced privilidge level.  It definitely shouldnt run as Administrator, or have write permission to any file system.  And it should have very restrictive quotas (if your OS lets you set them).  Give it as little memory and CPU time quotas as it needs, and no more.

LVL 46

Assisted Solution

by:Sjef Bosman
Sjef Bosman earned 250 total points
ID: 11772096
1040400 !

And any modern O/S protects code from being overwritten, since code is usually stored in read-only segments. Dataspace, i.e. the data, heap and stack areas, can indeed be overwritten and your program may crash. So hopefully you will be producing good images, but you might end up weird images or nothing at all.
LVL 16

Author Comment

ID: 11772220
Oh my-- it doesn't sound woth the risk . . .

There are other image tools out there that have also been created with C, including VIPS and (I think) ImageMagick.  How can I find out if these have overflow problems too?
LVL 16

Author Comment

ID: 11784132

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This is a short and sweet, but (hopefully) to the point article. There seems to be some fundamental misunderstanding about the function prototype for the "main" function in C and C++, more specifically what type this function should return. I see so…
Examines three attack vectors, specifically, the different types of malware used in malicious attacks, web application attacks, and finally, network based attacks.  Concludes by examining the means of securing and protecting critical systems and inf…
The goal of this video is to provide viewers with basic examples to understand how to use strings and some functions related to them in the C programming language.
The goal of this video is to provide viewers with basic examples to understand and use switch statements in the C programming language.

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question