| dc:description | A math operation may give a result larger than the available register width, an error condition may result. Integer overflows do not generally lead to exploitable conditions. However, on systems where the result is simply stored, and no error is returned (this is the general case), it may not be possible for the software to determine that the value stored is erroneous. If an integer value is used to specify the location of other code or variable values in memory, the resulting pointer error may be exploited to create a buffer overflow condition or to write and execute arbitrary (and possibly harmful) code to the resulting (and unexpected) position. (Wikipedia) |