CSC 1029: Integral Data Types and Vulnerabilities

Questions and Answers

What can result from integer overflow in a software application?

• Improved memory allocation
• Automatic type conversion safety
• Increased processing speed
• Buffer overflows and execution of arbitrary code (correct)

What is the range of a signed char in C++?

• -127 to 127
• 0 to 255
• -128 to 127 (correct)
• -255 to 255

Which statement is true regarding type conversions in C++?

• All type conversions guarantee safe memory space usage.
• Only signed types can be implicitly converted to unsigned types.
• An explicit cast is required for conversions that imply a different interpretation of value. (correct)
• Implicit conversions can include narrowing types without user intervention.

What is the maximum value that a signed int can hold in C++?

2147483647 (D)

What is the primary reason for the failure of the Ariane 5 rocket during its maiden flight?

Unhandled arithmetic overflow in software (B)

What could potentially happen when integer calculations exceed the finite limits of computer integers?

The CPU sets a carry or overflow flag (B)

Which scenario correctly describes the behavior of signed and unsigned integers in C++?

Unsigned integers cannot represent negative values. (D)

What is a potential performance implication when using data types of varying sizes in C++?

Memory alignment issues may arise with different sizes. (C)

Which encoding method is specifically designed to represent a wider array of characters beyond ASCII in C++?

UTF-8 (A)

What is the primary reason for using data types in C++?

To inform the Operating System about data management (B)

When using sizeof in C++, why should it not be applied to an array argument passed into a function?

It provides the size of the entire data type instead of the array. (D)

What happens to an integer value during an overflow in unsigned integers?

The integer wraps around to the minimum value. (A)

What is the typical range for a signed char in C++?

-128 to 127 (A)

Which data type in C++ is used to represent Unicode characters?

wchar_t (B)

How many bytes does a short data type occupy in C++?

2 bytes (C)

What is the maximum positive value that can be stored in an unsigned char?

255 (D)

In UTF-8 encoding, how many bytes can a single character use?

1 to 4 bytes (C)

Which of the following statements about signed and unsigned integers is true?

Unsigned integers have no negative range. (B)

What happens during integer overflow in C++?

The value wraps around to the negative range. (A)

Which scenario would typically benefit from using an unsigned type in C++?

When you want to ensure the variable cannot be negative. (D)

What is the typical size of an int data type in C++?

4 bytes (A)

Which character set allows for the representation of a wider range of characters than ASCII?

UTF-8 (A)

Flashcards

Computer Integers

Finite set of numbers used by computers, unlike mathematical integers which are infinite.

Integer Overflow

Error that occurs when an arithmetic operation on integers produces a result that is too large or too small to be represented by the data type.

Signed Integers

Integer data types that can represent both positive and negative values.

Unsigned Integers

Integer data types that can only represent positive values.

Data Type

Category of data that informs the system about the type of data

sizeof Operator

Compile-time operator in C++ that determines the size of a variable or data type in bytes.

Integer Overflow Handling

Methods used to address integer overflow errors, such as exception handling, conversion to larger data type and saturation

Signed vs. Unsigned Integers

Signed integers can represent both positive and negative values, while unsigned integers only handle positive values.

Why is Integer Overflow Dangerous?

It can lead to unexpected program behavior and security vulnerabilities. In extreme cases, it can even lead to crashes or malicious code execution.

What is Type Casting?

Explicitly converting a variable from one data type to another. This can be useful for manipulating data, but it can also be a source of errors if not done carefully.

ASCII

A character encoding standard that uses 7 bits to represent 128 characters, including letters, digits, and symbols. The first 32 codes are control codes (non-printable).

char Data Type

A data type in C++ that stores a single character using 1 byte of memory. It typically represents ASCII characters.

Unicode

A character encoding standard that uses 1 to 4 bytes to represent a wide range of characters from different languages and writing systems. It provides a unique number for every character.

wchar_t Data Type

A data type in C++ that stores characters using Unicode encoding. The size of a wchar_t depends on the compiler and system but usually requires 2 or 4 bytes.

Signed Data Type

A data type that can represent both positive and negative values. It allocates one bit to indicate the sign.

Unsigned Data Type

A data type that can only represent positive values. All bits are used to represent the magnitude.

short Data Type

A data type in C++ that stores integer values using 2 bytes of memory. It can typically represent values ranging from -32,768 to 32,767.

int Data Type

A data type in C++ that stores integer values using 4 bytes of memory. It can typically represent values ranging from -2,147,483,648 to 2,147,483,647.

How many bits are in a byte?

A byte consists of 8 bits.

What's the difference between char and wchar_t?

The char data type uses ASCII encoding and stores a maximum of 128 characters. The wchar_t data type uses Unicode encoding and supports a wider range of characters.

Study Notes

CSC 1029: Integral Data Types and Vulnerabilities

• Course focuses on integral data types in C/C++, including signed and unsigned integers
• Discusses how integral values are stored in memory using bits
• Explores integer overflow, its causes, and consequences for both signed and unsigned types
• Covers implicit and explicit type conversions, their impact on code
• Explains casting and issues that arise when mixing signed and unsigned data types

Objectives

• Learn the fundamentals of integral types in C/C++ (signed, unsigned)
• Understand how integral values are stored in memory
• Recognize integer overflow, its triggers, and potential consequences
• Explore conversions (implicit and explicit) affecting integral types
• Understand the role of casting for signed/unsigned type conversions
• Identify potential issues with combining signed/unsigned types

Agenda (Week 10)

• Computer Integers: Overview of integral types
• Fundamental Data Types: Basic types like char, wchar_t, short int etc.
• Integers: Signed and Unsigned: Differences between signed and unsigned representations
• Integer Overflow: What happens when values exceed bounds?
• Type Conversion: Converting between integral types
• Integral Vulnerabilities: Potential issues related to overflow, and conversions
• Data Type conversion functions: Functions for converting data types
• TODO list for the week
• Resources for additional help

Why Use Data Types in C++

• Data types inform the operating system about the handled data
• Appropriate memory allocation is determined by the data type
• Variables store data at designated memory locations
• Memory allocation for variables within a function is stack-based and type-dependent

Computer Integers

• Computer integers are finite, unlike their mathematical counterparts
• Overflow or underflow can occur; it depends on CPUs and languages
• Integer calculations outside the representable range can result in unexpected behaviors (carry/overflow flag)
• Exception handling, conversions, saturation, or wrap-around can be language- or hardware-specific

C++ Fundamental Data Types

• Table providing various C++ data types (char, short int, int, long int, bool, float, double, long double, wchar_t) along with their sizes and ranges.

Sizeof Operator

• sizeof is a compile-time operator in C++ that determines the size (in bytes) of a variable or data type
• sizeof can be used for sizing arrays (based on element count)
• Pitfall: Do not use sizeof on array arguments passed into functions

Char and Wchar

• ASCII table defines 128 character codes (7 bits)
• The first 32 are control codes (non-printable); the remaining 96 represent characters like digits, letters, and symbols
• char data type represents ASCII code
• UTF-8 encoding (1-4 bytes) is used for characters outside ASCII
• wchar_t data type represents Unicode

Integral Memory Representation

• Shows the bit representation of integral data types (char, short, int)

Signed and Unsigned Types

• Every signed data type has an equivalent unsigned type
• Signed types represent positive and negative values
• Unsigned types represent only positive values (range starts from 0)
• Range for unsigned types is larger than signed types of the same bit size

Integer Overflow/Underflow

• Minimum and maximum values of data types depend on the method of representation (magnitude, sign bit, range etc.) and number of allocated bits
• Integer overflow/underflow happens when computations yield a value that's out of range for the corresponding data type

SEI CERT: Integer Wrap Prevention

• Recommendation INT30-C to avoid integer wrap-around which may lead to buffer overflows and arbitrary code execution

Integer Overflow (Discussion)

• Arithmetic overflow can cause crashes (e.g., Ariane 5 rocket failure due to steering software)
• Software relying on overflow checking and explicit type handling are considered less prone than those relying on implicit conversions

Type Conversions (C++)

• Implicit conversions occur when copying a value to a compatible type (same sign)
• Explicit conversions (type casting) are needed for conversions that might lose data or alter interpretation (e.g., different signs)

Data Type Conversion Functions

• Functions for converting std::string to integral types or vice-versa (e.g., stoi, stol, to_string)
• Avoid using non-standard itoa or ltoa functions

Pre-Work and Week 10 Content Module

• Post weekly discussion questions and research solutions on D2L
• Complete Week 10 content module in D2L to achieve 100% completion.

Questions/Clarifications/Help

• Student office hours (appointment-based and drop-in)
• Email contact information for questions
• Online tutoring resources on D2L and RRCC website

Description

This quiz covers integral data types in C/C++, focusing on signed and unsigned integers. You'll learn about memory storage, integer overflow, type conversions, and the implications of mixing signed and unsigned values. Test your knowledge on these critical concepts relevant to programming in C/C++.