COLLECTED BY

Organization: Archive Team

Formed in 2009, the Archive Team (not to be confused with the archive.org Archive-It Team) is a rogue archivist collective dedicated to saving copies of rapidly dying or deleted websites for the sake of history and digital heritage. The group is 100% composed of volunteers and interested parties, and has expanded into a large amount of related projects for saving online and digital history.

History is littered with hundreds of conflicts over the future of a community, group, location or business that were "resolved" when one of the parties stepped ahead and destroyed what was there. With the original point of contention destroyed, the debates would fall to the wayside. Archive Team believes that by duplicated condemned data, the conversation and debate can continue, as well as the richness and insight gained by keeping the materials. Our projects have ranged in size from a single volunteer downloading the data to a small-but-critical site, to over 100 volunteers stepping forward to acquire terabytes of user-created data to save for future generations.

The main site for Archive Team is at archiveteam.org and contains up to the date information on various projects, manifestos, plans and walkthroughs.

This collection contains the output of many Archive Team projects, both ongoing and completed. Thanks to the generous providing of disk space by the Internet Archive, multi-terabyte datasets can be made available, as well as in use by the Wayback Machine, providing a path back to lost websites and work.

Our collection has grown to the point of having sub-collections for the type of data we acquire. If you are seeking to browse the contents of these collections, the Wayback Machine is the best first stop. Otherwise, you are free to dig into the stacks to see what you may find.

The Archive Team Panic Downloads are full pulldowns of currently extant websites, meant to serve as emergency backups for needed sites that are in danger of closing, or which will be missed dearly if suddenly lost due to hard drive crashes or server failures.

Collection: Archive Team: URLs

TIMESTAMPS

The Wayback Machine - https://web.archive.org/web/20240526031415/https://codeql.github.com/codeql-query-help/cpp/cpp-bad-addition-overflow-check/

Bad check for overflow of integer addition¶

ID: cpp/bad-addition-overflow-check
Kind: problem
Security severity: 8.1
Severity: error
Precision: very-high
Tags:
   - reliability
   - correctness
   - security
   - external/cwe/cwe-190
   - external/cwe/cwe-192
Query suites:
   - cpp-code-scanning.qls
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

Checking for overflow of integer addition needs to be done with care, because automatic type promotion can prevent the check from working as intended, with the same value (true or false) always being returned.

Recommendation¶

Use an explicit cast to make sure that the result of the addition is not implicitly converted to a larger type.

Example¶

bool checkOverflow(unsigned short x, unsigned short y) {
  // BAD: comparison is always false due to type promotion
  return (x + y < x);  
}

On a typical architecture where short is 16 bits and int is 32 bits, the operands of the addition are automatically promoted to int, so it cannot overflow and the result of the comparison is always false.

The code below implements the check correctly, by using an explicit cast to make sure that the result of the addition is unsigned short (which may overflow, in which case the comparison would evaluate to true).

bool checkOverflow(unsigned short x, unsigned short y) {
  return ((unsigned short)(x + y) < x);  // GOOD: explicit cast
}

References¶

Preserving Rules
Understand integer conversion rules
Common Weakness Enumeration: CWE-190.
Common Weakness Enumeration: CWE-192.

© GitHub, Inc.
Terms
Privacy