Agent skill

detecting-integer-overflow

Detects integer overflow and underflow vulnerabilities in arithmetic operations used for buffer sizing or allocation. Use when analyzing calculations, size computations, or investigating integer wraparound issues.

View SKILL.md on GitHub Repository
Stars 163
Forks 31

Install this agent skill to your Project

npx add-skill https://github.com/majiayu000/claude-skill-registry/tree/main/skills/development/detecting-integer-overflow

SKILL.md

Integer Overflow Detection

Detection Workflow

  1. Identify arithmetic operations: Find addition, multiplication, subtraction, bit shifts on user-controlled values
  2. Check for overflow protection: Look for overflow checks before arithmetic, safe arithmetic functions, type conversions
  3. Trace to critical uses: Follow results to memory allocation sizes, buffer copy lengths, loop bounds, array indices
  4. Assess impact: Can overflow cause buffer overflow? Bypass security checks? Cause logic errors?

Key Patterns

  • Addition/multiplication without overflow checks
  • Subtraction that could underflow
  • Integer overflow affecting malloc size
  • Loop counter overflow

Output Format

Report with: id, type (addition/multiplication/underflow), severity, confidence, location, operation, operands, result used for, overflow check status, exploitability, impact, mitigation.

Severity Guidelines

  • HIGH: Overflow affects memory allocation size
  • MEDIUM: Overflow affects loop bounds or array indices
  • LOW: Overflow with limited security impact

See Also

  • patterns.md - Detailed detection patterns and exploitation scenarios
  • examples.md - Example analysis cases and code samples
  • references.md - CWE references and mitigation strategies

Recommended Agent Skills

Expand your agent's capabilities with these related and highly-rated skills.

majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-spec

Manage specification documents in .agent/specs/. Use when user provides requirements, acceptance criteria, or feature descriptions that need to be tracked and validated against implementation.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-testing

Test strategy, execution, and coverage analysis. Use when designing tests, running test suites, or analyzing test results beyond baseline checks.

163 31
Explore
majiayu000/claude-skill-registry

agent-ops-state

Maintain .agent state files. Use at session start, after meaningful steps, and before concluding: read/update constitution/memory/focus/issues/baseline consistently.

163 31
Explore

Didn't find tool you were looking for?

Be as detailed as possible for better results