Claude-skill-registry detecting-integer-overflow
Detects integer overflow and underflow vulnerabilities in arithmetic operations used for buffer sizing or allocation. Use when analyzing calculations, size computations, or investigating integer wraparound issues.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/detecting-integer-overflow" ~/.claude/skills/majiayu000-claude-skill-registry-detecting-integer-overflow && rm -rf "$T"
manifest:
skills/data/detecting-integer-overflow/SKILL.mdsource content
Integer Overflow Detection
Detection Workflow
- Identify arithmetic operations: Find addition, multiplication, subtraction, bit shifts on user-controlled values
- Check for overflow protection: Look for overflow checks before arithmetic, safe arithmetic functions, type conversions
- Trace to critical uses: Follow results to memory allocation sizes, buffer copy lengths, loop bounds, array indices
- Assess impact: Can overflow cause buffer overflow? Bypass security checks? Cause logic errors?
Key Patterns
- Addition/multiplication without overflow checks
- Subtraction that could underflow
- Integer overflow affecting malloc size
- Loop counter overflow
Output Format
Report with: id, type (addition/multiplication/underflow), severity, confidence, location, operation, operands, result used for, overflow check status, exploitability, impact, mitigation.
Severity Guidelines
- HIGH: Overflow affects memory allocation size
- MEDIUM: Overflow affects loop bounds or array indices
- LOW: Overflow with limited security impact
See Also
- Detailed detection patterns and exploitation scenariospatterns.md
- Example analysis cases and code samplesexamples.md
- CWE references and mitigation strategiesreferences.md