CWE-190 Integer Overflow or Wraparound
What this means
SiteShadow flagged integer math that can overflow/wrap and break safety checks (sizes, indices, limits). This is most critical in low-level languages, but can also matter in application code when values cross trust boundaries.
Why it matters
Overflows can bypass bounds checks or cause unexpected behavior.
- Memory safety bugs: in C/C++ this can lead to out-of-bounds access and RCE.
- Logic bypass: negative/overflowed sizes can bypass "max size" or "min value" checks.
Safer examples
1) Validate ranges and reject unexpected values
Validate sizes and counts at trust boundaries (see CWE-20 / CWE-400).
2) Use safe integer APIs where available
In languages with safe integer helpers (checked arithmetic), use them for sizes and indices.
3) Prefer languages/runtimes with built-in overflow safety
Even then, validate the maximums you will accept before allocating or looping.
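The three steps above combined in C, as an added example that is not SiteShadow output or code from this page. RECORD_SIZE, MAX_RECORDS, MAX_BUFFER and the function names are assumptions chosen for illustration; the unsafe function shows the wrapped multiply slipping past a "max size" check, and the safe one range-checks first and then multiplies with an explicit overflow test.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define RECORD_SIZE 16u          /* assumed fixed record size in bytes */
#define MAX_RECORDS 65536u       /* assumed application limit on record count */
#define MAX_BUFFER  (1u << 20)   /* assumed 1 MiB allocation cap */

/* Unsafe: the 32-bit multiply wraps modulo 2^32 before the limit check runs. */
bool unsafe_size_ok(uint32_t count, uint32_t *out_bytes)
{
    uint32_t bytes = count * RECORD_SIZE;
    if (bytes > MAX_BUFFER)
        return false;
    *out_bytes = bytes;          /* may be far smaller than count records need */
    return true;
}

/* Checked multiply: returns false instead of wrapping. */
bool checked_mul_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (a != 0 && b > UINT32_MAX / a)
        return false;
    *out = a * b;
    return true;
}

/* Safe: reject negative/oversized counts at the boundary, then checked math. */
bool safe_size_ok(int64_t count_field, uint32_t *out_bytes)
{
    uint32_t bytes;
    if (count_field < 0 || count_field > MAX_RECORDS)
        return false;
    if (!checked_mul_u32((uint32_t)count_field, RECORD_SIZE, &bytes))
        return false;
    if (bytes > MAX_BUFFER)
        return false;
    *out_bytes = bytes;
    return true;
}

int main(void)
{
    uint32_t b = 0;
    uint32_t hostile = 0x10000001u;   /* constructed input: 0x10000001 * 16 wraps to 16 */
    printf("unsafe accepts: %d (bytes=%u)\n", unsafe_size_ok(hostile, &b), (unsigned)b);
    printf("safe accepts:   %d\n", safe_size_ok(hostile, &b));
    return 0;
}
```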
How SiteShadow detects it (high level)
- Flags size/index arithmetic that combines untrusted inputs with allocations/loops.
- Detects patterns where negative or overflowed values could bypass checks.
References
- CWE-190: https://cwe.mitre.org/data/definitions/190.html
---