Shockingly, integer overflows and sign errors are still incredibly common in software. One common mistake is to use a user-supplied value in a multiplication that sizes a memory allocation, e.g.
malloc(sizeof(giantstruct) * user_int).
This sort of error, while seemingly trivial, easily results in exploitable heap overflows: the product wraps, a small buffer is allocated, and the code then writes user_int elements into it.
safe_iop is a simple library that I'm releasing to the public domain which can help with these problems. Not only does it supply simple integer-operation helper functions, it also supplies a more flexible interface:
bool safe_iopf(void *dst, char *format, ...);
This takes a format string and performs the specified operations, in order, on the remaining arguments, returning false if any step would overflow. For instance,
if (!safe_iopf(&result, "++", i, j, k)) { printf("Overflow!\n"); abort(); }
The format also allows the size and signedness of each operation to be specified:
if (!safe_iopf(&result, "u32*s32+", i, j, k)) { printf("Overflow!\n"); abort(); }
The above case describes an unsigned 32-bit multiplication of i and j followed by a signed 32-bit addition of k.
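As an added example (not code from safe_iop or from this post), here are plain C checks that refuse the multiplication before malloc and mirror the "u32*s32+" chain above; the size of giantstruct and the range check between the unsigned product and the signed addition are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Checked size_t multiply: false (and *out untouched) if a*b would wrap. */
bool safe_mul_size(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Checked unsigned 32-bit multiply, the "u32*" step. */
bool safe_mul_u32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Checked signed 32-bit add, the "s32+" step; tested before adding so no
   signed overflow (undefined behaviour in C) ever occurs. */
bool safe_add_s32(int32_t a, int32_t b, int32_t *out) {
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b)) return false;
    *out = a + b;
    return true;
}

/* "u32*s32+": (i * j) as unsigned 32-bit, then + k as signed 32-bit.
   Assumption: the product must fit in int32_t before the signed addition. */
bool mul_u32_then_add_s32(uint32_t i, uint32_t j, int32_t k, int32_t *out) {
    uint32_t prod;
    if (!safe_mul_u32(i, j, &prod) || prod > (uint32_t)INT32_MAX) return false;
    return safe_add_s32((int32_t)prod, k, out);
}

/* Hypothetical stand-in for the post's giantstruct. */
struct giantstruct { unsigned char payload[4096]; };

/* True if sizeof(giantstruct) * user_count would wrap size_t. */
bool giants_would_overflow(size_t user_count) {
    size_t bytes;
    return !safe_mul_size(sizeof(struct giantstruct), user_count, &bytes);
}

/* Hardened form of malloc(sizeof(giantstruct) * user_int): NULL on overflow. */
struct giantstruct *alloc_giants(size_t user_count) {
    size_t bytes;
    if (!safe_mul_size(sizeof(struct giantstruct), user_count, &bytes)) return NULL;
    return malloc(bytes);
}
```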
There are still some kinks to work out and currently only 32-bit integer operations are supported, but I'm hoping this slightly friendlier interface might make software a little better.