Claude-skill-registry detecting-off-by-one
Detects off-by-one errors by identifying incorrect loop conditions, array indexing mistakes, and boundary condition problems. Use when analyzing loops, array access, or investigating fencepost errors.
install
source · Clone the upstream repo
git clone https://github.com/majiayu000/claude-skill-registry
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/majiayu000/claude-skill-registry "$T" && mkdir -p ~/.claude/skills && cp -r "$T/skills/data/detecting-off-by-one" ~/.claude/skills/majiayu000-claude-skill-registry-detecting-off-by-one && rm -rf "$T"
manifest:
skills/data/detecting-off-by-one/SKILL.mdsource content
Off-by-One Detection
Detection Workflow
- Identify array operations: Find all array accesses, loop iterations, buffer allocations, string operations
- Analyze boundary conditions: Check loop termination conditions, array index ranges, buffer size calculations
- Check edge cases: Test boundary conditions, verify fencepost cases, assess null terminator handling
- Assess impact: Can off-by-one cause overflow/underflow? What's the security impact?
Key Patterns
- Loop bound errors: using <= instead of <, or < instead of <=
- Array index errors: accessing array[size] instead of array[size-1]
- String handling errors: missing null terminator, incorrect buffer size
- Allocation errors: allocating size instead of size+1
Output Format
Report with: id, type, subtype, severity, confidence, location, vulnerability, loop condition, array access, array size, error type, exploitability, attack scenario, impact, mitigation.
Severity Guidelines
- HIGH: Off-by-one causing buffer overflow
- MEDIUM: Off-by-one causing information disclosure
- LOW: Off-by-one with minor impact
See Also
- Detailed detection patterns and exploitation scenariospatterns.md
- Example analysis cases and code samplesexamples.md
- CWE references and mitigation strategiesreferences.md