hacktricks/pentesting-web/integer-overflow.md

Integer Overflow


{% tabs %} {% tab title="Rust" %}

/// Shows how 32-bit signed arithmetic wraps once a result no longer fits in `i32`.
///
/// `overflowing_mul` / `overflowing_add` return `(wrapped_value, overflowed)`.
/// This demo prints only the wrapped value and throws the flag away, which is
/// exactly the pattern to look for in review: code that handles quantities,
/// prices or lengths should inspect the flag, or use `checked_mul` /
/// `checked_add` (which return `None` on overflow) and reject the input.
/// Plain `*` and `+` panic on overflow in debug builds but wrap silently in
/// default release builds.
fn main() {
    // 2147483647 is the largest value an i32 can hold.
    let quantity: i32 = i32::MAX;

    // The boolean overflow flag is deliberately ignored here.
    let (mul_result, _) = 32767_i32.overflowing_mul(quantity);
    let (add_result, _) = 1_i32.overflowing_add(quantity);

    println!("{}", mul_result); // wraps to 2147450881
    println!("{}", add_result); // wraps to -2147483648 (i32::MIN)
}

{% endtab %}

{% tab title="Python" %}

Python

import struct

def pack_signed_int(i):
    """Encode ``i`` as a 4-byte little-endian signed integer (C ``int32``).

    Values outside -2147483648..2147483647 raise ``struct.error``; they are
    not wrapped, so this helper also serves as a range check when modelling
    what a 32-bit field can hold.
    """
    int32_le = struct.Struct("<i")
    return int32_le.pack(i)

def pack_unsigned_int(i):
    """Encode ``i`` as a 4-byte little-endian unsigned integer (C ``uint32``).

    Values outside 0..4294967295 raise ``struct.error`` rather than wrapping.
    """
    uint32_le = struct.Struct("<I")
    return uint32_le.pack(i)

def unpack_signed_int(b):
    """Decode 4 little-endian bytes as a signed 32-bit integer.

    ``b`` must be exactly 4 bytes long, otherwise ``struct.error`` is raised.
    Feeding it bytes produced by ``struct.pack("<I", ...)`` shows how a large
    unsigned value is reinterpreted as a negative signed one.
    """
    (value,) = struct.unpack("<i", b)
    return value

def unpack_unsigned_int(b):
    """Decode 4 little-endian bytes as an unsigned 32-bit integer.

    ``b`` must be exactly 4 bytes long, otherwise ``struct.error`` is raised.
    """
    (value,) = struct.unpack("<I", b)
    return value

Example

>>> pack_signed_int(-2147483648)
b'\x00\x00\x00\x80'
>>> unpack_signed_int(b'\x00\x00\x00\x80')
-2147483648
>>> pack_unsigned_int(4294967295)
b'\xff\xff\xff\xff'
>>> unpack_unsigned_int(b'\xff\xff\xff\xff')
4294967295

References

```c
#include <stdio.h>
#include <limits.h>

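/*
 * Demonstrates 32-bit integer wraparound around INT_MAX.
 *
 * Overflowing a signed int with `a * 100` or `a + 1` is undefined behaviour
 * in C: an optimising compiler may assume it never happens, so the printed
 * values are not guaranteed. The arithmetic is therefore done in unsigned
 * int, where wraparound is defined, and converted back to int (an
 * implementation-defined conversion that yields the two's-complement value
 * on common platforms).
 *
 * In production code, detect the condition before it happens, e.g. with
 * __builtin_mul_overflow / __builtin_add_overflow (GCC/Clang) or an explicit
 * range check against INT_MAX, and reject the input.
 */
int main(void) {
    int a = INT_MAX;
    int b = 0;
    int c = 0;

    /* Wrap in unsigned arithmetic, then reinterpret as signed. */
    b = (int)((unsigned int)a * 100u);
    c = (int)((unsigned int)a + 1u);

    printf("%d\n", INT_MAX); /* 2147483647 with a 32-bit int */
    printf("%d\n", b);       /* -100 with a 32-bit int */
    printf("%d\n", c);       /* INT_MIN (-2147483648) with a 32-bit int */
    return 0;
}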

```

{% endtab %} {% endtabs %}
