Integer Overflow
An integer (or numeric) overflow occurs when an arithmetic operation produces a value outside the representable range of the target data type (e.g., `int`, `long`, `double`). The result wraps around to an incorrect value, leading to unexpected program behaviour such as crashes, validation bypasses, memory corruption, or denial of service. In some cases, attackers can leverage overflows to trigger buffer overflows or bypass security checks, escalating the severity to arbitrary code execution.
Remediation
- Implement explicit boundary checks before performing arithmetic operations. For example, for non-negative `x` and `y`, `x + y` must be greater than or equal to both `x` and `y`; a smaller result means the addition wrapped around. Note that this post-hoc comparison is only reliable for unsigned types: in C and C++ signed overflow is undefined behaviour, so the range test must be done before the operation (e.g. `x > INT_MAX - y`) rather than on the wrapped result.
- Use wider or arbitrary-precision data types (e.g., `BigInteger`) for intermediate calculations, and only assign results back to fixed-width types after range validation.
- Enable compiler or runtime checks and sanitisation options that detect integer overflows (e.g., `-ftrapv` in GCC, sanitizers in Clang/LLVM, or runtime guards in managed languages).
- Perform thorough input validation, particularly on values used in size calculations, offsets, or loop counters.
- Refer to https://learn.secdim.com/course/reboot-boeing-787[SecDim's Numeric Overflow] short course for more information.
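The following C program is an added example (not code from SecDim or the linked course) that puts the first three remediation items side by side: an unsigned addition guarded by the `x + y >= x` comparison described above, a signed addition guarded by a pre-check against `INT_MAX`/`INT_MIN`, and an allocation-size calculation shown first in its wrapping form and then hardened, once with a division-based range test and once with the GCC/Clang `__builtin_mul_overflow` builtin. All function names and the sample values in `main` are constructed for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned addition: wrap-around is well defined modulo 2^32, so the wrapped
 * sum is smaller than either operand and a post-hoc comparison is valid. */
bool add_u32_checked(uint32_t x, uint32_t y, uint32_t *out)
{
    uint32_t sum = x + y;
    if (sum < x) {          /* equivalent to sum < y */
        return false;       /* overflow: reject */
    }
    *out = sum;
    return true;
}

/* Signed addition: signed overflow is undefined behaviour in C, so the range
 * test has to happen before the operation, without ever computing x + y. */
bool add_int_checked(int x, int y, int *out)
{
    if ((y > 0 && x > INT_MAX - y) ||
        (y < 0 && x < INT_MIN - y)) {
        return false;
    }
    *out = x + y;
    return true;
}

/* Allocation-size calculation as it is often written: count * elem_size
 * silently wraps, so a very large count yields a small buffer (CWE-680). */
size_t alloc_size_unchecked(size_t count, size_t elem_size)
{
    return count * elem_size;       /* wraps modulo SIZE_MAX + 1 */
}

/* Hardened form: a division-based check rejects any product that does not
 * fit in size_t and never performs the overflowing multiplication. */
bool alloc_size_checked(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size) {
        return false;
    }
    *out = count * elem_size;
    return true;
}

/* Same check via the GCC/Clang builtin, which reports overflow directly. */
bool alloc_size_builtin(size_t count, size_t elem_size, size_t *out)
{
    return !__builtin_mul_overflow(count, elem_size, out);
}

int main(void)
{
    /* Constructed input: SIZE_MAX / 2 + 1 doubled wraps to exactly 0 on any
     * width of size_t, so the unchecked version would request a 0-byte buffer. */
    size_t count = SIZE_MAX / 2 + 1;
    size_t elem = 2;
    size_t bytes;

    printf("unchecked size: %zu (wrapped)\n", alloc_size_unchecked(count, elem));
    if (!alloc_size_checked(count, elem, &bytes)) {
        puts("checked size: rejected, product does not fit in size_t");
    }
    if (!alloc_size_builtin(count, elem, &bytes)) {
        puts("builtin check: rejected as well");
    }
    return 0;
}
```

Compiling with `-fsanitize=undefined` (Clang/GCC) or `-ftrapv` (GCC) would additionally report the signed case at runtime, but neither option catches unsigned wrap-around, which is why the explicit checks on the size calculation are still required.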
Metadata
- Severity: medium
- Slug: integer-overflow
CWEs
- 190: Integer Overflow or Wraparound
- 128: Wrap-around Error
- 680: Integer Overflow to Buffer Overflow
- 682: Incorrect Calculation
- 839: Numeric Range Comparison Without Minimum Check
OWASP
- SC08:2025: Integer Overflow and Underflow