# Integer Overflow (deadly sins effect) **Deadly Sins:** list of common software defects that can have serious consequences, including security vulnerabilities, data loss, and system failure. referred to as **`Sins`** because they can be avoided with proper care and attention to detail during the software development process. ## TOP DEADLY SINS EFFECTS: 1. **Integer Overflows** 2. **SQL Injection** 3. **Command Injection** 4. **XSS** 5. **Race Conditions:** occurs when two or more threads or processes access shared data at the same time. 6. **Failing to Handle Errors** ## Data types programming languages **NOTE 1: Every type in programing language has specific length of bits to represent it** * `char` -> `8 bits` * `short` -> `16 bits` * `int` -> `32 bits` * `long` -> `64 bits` **NOTE 2: number can be `unsigned` *(positive only)* or `signed` *(negative and positive).*** And according to this every data type have max value and min value. Example `int` data type => range = **2^32** * in `unsigned` int the range is **[0 , 2^32 - 1]** * in `signed` int the range is **[-2^31 , 2^31 - 1]** ## Computing with in programming languages *To make it easy to understand suppose **`int`** number of bits equal **`8 bit`** the range is **[-128 , 127]*** Example: ```java= int x = 120 int y = 2; int z = x + y; int intOverFlowWillOccure = x * y; // what is (z, intOverFlowWillOccure) values? // z => 120 + 2 = 122 // this is less than int max value so it will be normal. // -------- //intOverFlowWillOccure => 120 * 2 = 240, // BUT not that 240 > 127 (int max) // So how we can store this value 🤔?? // 240 - 127 = 113 this overflow will be wrapped // so the value will be (min - 1) + overflow // intOverFlowWillOccure = -128 - 1 + 113 = -16 🤯 ``` ## Integer Overflow Definition previous example show the proplem that occures when we try to store value larger than the data type max value this is what we call (integer overflow) **Integer Overflow:** an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space. ## Casting **Is the process of converting a value from one data type to another.** When casting occures in **`C`** language? 1. When assigning to a diffreent data type ```java= int x = 10; double y = x; // x value will be cast automatically to double ``` 2. For binary operators (+, -, *, /, %, &, |, ^) * if one of the two operand is an `unsigned long` the result will be `unsigned long`. * if one of the two operand is an `long` the result will be `long`. * in all other cases the result is `int` 3. For unary operators (~ , ++ , --); * `~` change the type * `++` or `--` does not change type. ## Conclusion **Programming languages that allow direct access to memory and do not check for buffer and numeric overflow are particularly vulnerable to buffer overflow and integer overflow attacks.** Example : C language enable you to assign double value to int data type and in this case the fraction will be deleted, this in some cases can lead to int overflow. ```java= double x = 3.14; int y = x; // y value is equal to 3 and the 0.14 deleted ``` But in java this operation is not allowed to, java will throw an Exception, and because of that java considered as safe overflow language.