Deadly Sins: a list of common software defects that can have serious consequences, including security vulnerabilities, data loss, and system failure. They are referred to as "sins" because they can be avoided with proper care and attention to detail during the software development process.
NOTE 1: Every type in a programming language has a specific number of bits to represent it:
char -> 8 bits
short -> 16 bits
int -> 32 bits
long -> 64 bits
Each of these can be unsigned (positive only) or signed (negative and positive). Accordingly, every data type has a maximum value and a minimum value.
Example: the int data type covers 2^32 values.
unsigned int: the range is [0, 2^32 - 1]
signed int: the range is [-2^31, 2^31 - 1]
To make it easy to understand, suppose int had only 8 bits: the range would be [-128, 127].
Example:
The previous example shows the problem that occurs when we try to store a value larger than the maximum value of the data type; this is what we call integer overflow.
Integer Overflow: an arithmetic operation attempts to create a numeric value that is larger than can be represented within the available storage space.
Casting: the process of converting a value from one data type to another.
When does casting occur in the C language? When operands of different types meet in an arithmetic expression, the result takes the wider type:
if either operand is unsigned long, the result will be unsigned long;
otherwise, if either operand is long, the result will be long;
otherwise, the result will be int.
The ~ operator changes the type (a narrow operand is promoted to int before the operation); ++ or -- does not change the type.
Programming languages that allow direct access to memory and do not check for buffer and numeric overflow are particularly vulnerable to buffer overflow and integer overflow attacks.
Example: the C language lets you assign a double value to an int data type; in this case the fraction is discarded, which in some cases can lead to int overflow.
But in Java this operation is not allowed; Java will throw an Exception, and because of that Java is considered an overflow-safe language.
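The points above (a narrow type wrapping past its maximum, ~ promoting to int while ++ keeps the narrow type, and the need to check an operation before it overflows) as an added C example; this is not code from the original notes, and the function names are my own:

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Store a value in an 8-bit signed type: 128 does not fit in [-128, 127],
 * so on two's-complement targets (gcc/clang) it wraps to -128. */
int8_t store_in_int8(int value) { return (int8_t)value; }

/* Unary ~ promotes unsigned char to int first: ~0xFF is -256, not 0. */
int complement_as_int(unsigned char c) { return ~c; }

/* ++ keeps the narrow type: 255 + 1 wraps back to 0 in unsigned char. */
unsigned char increment_uchar(unsigned char c) { c++; return c; }

/* Checked signed addition: returns false instead of overflowing,
 * leaving *out untouched. */
bool checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Byte size of an array of `count` elements, or 0 if count * elem_size
 * would wrap around; a caller must refuse to allocate when 0 is returned. */
size_t alloc_size_or_zero(size_t count, size_t elem_size) {
    if (count != 0 && elem_size > SIZE_MAX / count)
        return 0;
    return count * elem_size;
}

int main(void) {
    int sum = 0;
    printf("(int8_t)128 = %d\n", store_in_int8(128));                  /* -128 */
    printf("~(unsigned char)0xFF = %d\n", complement_as_int(0xFF));    /* -256 */
    printf("(unsigned char)255 after ++ = %d\n", increment_uchar(255)); /* 0 */
    printf("INT_MAX + 1 ok? %d\n", checked_add_int(INT_MAX, 1, &sum)); /* 0 */
    printf("1000 * 8 = %zu\n", alloc_size_or_zero(1000, 8));           /* 8000 */
    printf("SIZE_MAX * 2 = %zu\n", alloc_size_or_zero(SIZE_MAX, 2));   /* 0 */
    return 0;
}
```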