CWE-682: Incorrect Calculation

CWE-682: Incorrect Calculation | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following image processing code allocates a table for images.

Vulnerable example

img_t table_ptr; /*struct containing img data, 10kB each*/

This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119).

This code attempts to calculate a football team's average number of yards gained per touchdown.

The code does not consider the event that the team they are querying has not scored a touchdown, but has gained yardage. In that case, we should expect an ArithmeticException to be thrown by the JVM. This could lead to a loss of availability if our error handling code is not set up correctly.

This example attempts to calculate the position of the second byte of a pointer.

Vulnerable example

int *p = x;

In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.

CWE-682: Incorrect Calculation

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Manual Analysis

Automated Static Analysis

Fuzzing

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-682?

What CVEs are caused by CWE-682?

How do you prevent CWE-682?

How is CWE-682 detected?

What are the consequences of CWE-682?

Is CWE-682 actively exploited?

References

Stay ahead of CWE-682

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to prevent it

How to detect it

Manual Analysis

Automated Static Analysis

Fuzzing

Code examples

Illustrative examples

Related weaknesses

Child

Can precede

Related

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-682?

What CVEs are caused by CWE-682?

How do you prevent CWE-682?

How is CWE-682 detected?

What are the consequences of CWE-682?

Is CWE-682 actively exploited?

References

Stay ahead of CWE-682