CS0

Integer Errors - “You can't count that high!”

Background

Summary: Integer values that are too large or too small may fall outside the allowable bounds for their data type, leading to unpredictable problems that can both reduce the robustness of your code and lead to potential security problems.

Description: The value of each integer variable is stored in a block of memory of a fixed size. If an operation yields a value that is out of range for the type, an integer error occurs, and the resulting value will likely not be what the programmer intended.

Risk: An integer error may be exploited to cause a program crash, lead to incorrect behavior, or present opportunities for malicious software to run code that could do bad things to your computer.

Example of Occurrence: On December 25, 2004, Comair airlines was forced to ground 1,100 flights after its flight crew scheduling software crashed. The software used a 16-bit integer (max 32,768) to store crew changes. That number was exceeded when bad weather that month led to numerous crew reassignments.

Problem

1. Type in the following program. Compile and run.

import java.util.Scanner;

public class IntegerError {

    public static void main(String[] args) {
        Scanner scan = new Scanner(System.in);

        // variable declarations
        int i;

        System.out.println("Largest integer is "+Integer.MAX_VALUE);
        System.out.println("Smallest integer is "+Integer.MIN_VALUE);

        System.out.print("Type an integer value: ");
        i = scan.nextInt();

        System.out.println("\nYou entered the following value: ");
        System.out.println("Integer: "+i);

        // System.out.println("Integer overflow: = "+Integer.MAX_VALUE+1);
    }

}

  1. Compile and run.
  2. What is the largest possible integer value?
  3. Enter a reasonable value. Print out the output before proceeding.
  4. What do you think will happen if you enter a value larger than the highest value?
  5. Run again and enter a value that exceeds the largest possible (try an 11 digit number). What happens? Why?
  6. Remove the comments (//) from the beginning of the last line of the program. Compile. You will receive a warning. Why do you think that is?
  7. For this one time we will ignore the warning. Run. What happens? Why?
  8. Complete the following checklist for this program.

Security Checklist

Checklists are used in many industries including aviation and software for safety and error checking. Complete the following security checklist to identify potential vulnerabilities in your code.

Security Checklist
Vulnerability: Integer Errors
Course: CS0
Check each line of code
  1. Underline each occurrence of an integer variable. (All occurrences of i should be underlined)

For each underlined variable:
  1. Mark with a V any input operations that assign values to the variable.
  2. Mark with a V any mathematical operations involving the variable.

Possible Vulnerability!!
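
The following is an added example, not part of the original lab handout: one way to guard the two kinds of operation the checklist marks (input and arithmetic) using the standard Long.parseLong and Math.addExact methods. The class name, helper names and sample inputs are made up for illustration.

```java
// Added example (not from the original lab): guarded input and guarded arithmetic.
public class CheckedInteger {

    // Input guard: read the text as a long first, then range-check it
    // before narrowing to int. Returns null when the value is rejected.
    static Integer parseIntChecked(String text) {
        try {
            long wide = Long.parseLong(text.trim());
            if (wide < Integer.MIN_VALUE || wide > Integer.MAX_VALUE) {
                return null; // a number, but it does not fit in an int
            }
            return (int) wide;
        } catch (NumberFormatException e) {
            return null; // not a number, or too large even for a long
        }
    }

    // Arithmetic guard: Math.addExact throws instead of silently wrapping.
    static String addChecked(int a, int b) {
        try {
            return String.valueOf(Math.addExact(a, b));
        } catch (ArithmeticException e) {
            return "rejected: " + a + " + " + b + " overflows int";
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, including an 11-digit value as in step 5.
        String[] samples = { "42", "2147483647", "2147483648",
                             "12345678901", "-2147483649", "abc" };
        for (String s : samples) {
            Integer v = parseIntChecked(s);
            System.out.println(s + " -> " + (v == null ? "rejected" : "accepted " + v));
        }

        // Unchecked addition wraps around; the checked form reports the problem.
        System.out.println("Unchecked: " + (Integer.MAX_VALUE + 1));
        System.out.println("Checked:   " + addChecked(Integer.MAX_VALUE, 1));

        // A 16-bit counter (Java short), the width named in the Comair example.
        short changes = Short.MAX_VALUE;
        changes++; // wraps to a negative value with no error raised
        System.out.println("16-bit counter after one more change: " + changes);
    }
}
```
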

Discussion

  1. How many bytes are allocated for an integer?
  2. What is the largest possible value for an integer? Why do you think that is?
  3. What happens when you exceed the largest integer value? Explain.
  4. Look up the following info:

What is the current population of the US?

What is the current population of the world?

What is the national debt?

For which of the above would the integer data type be a problem?

  5. Discuss the Comair problem described above. What are the repercussions of such a problem?