Integer Overflow or Wraparound
Arithmetic produces a result the variable's type can't hold, wrapping silently. Most common in lower-level languages.
GateTest coverage
Not directly covered today. GateTest focuses on web-stack languages and infrastructure-as-code. For this class of bug, pair GateTest with a C/C++-aware analyzer.
Example
uint32_t total = price * quantity; — the product wraps around silently once it no longer fits in 32 bits, so a large purchase can come out as a small total.
How to fix it
Use checked arithmetic, or an arbitrary-precision type (such as BigInt) where appropriate. Validate ranges at trust boundaries before the value reaches the arithmetic. GateTest does not currently catch this class.
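The following is an added example, not code from the GateTest page or product: it places the page's wrapping multiplication next to two checked versions of the same computation. The function names, the UINT32_MAX bound and the sample price/quantity values are constructed for the illustration; the sample pair 65536 × 65537 is chosen because its true product (2^32 + 2^16) does not fit in 32 bits.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Vulnerable form from the page: the product is computed in 32 bits and wraps
 * modulo 2^32 when it exceeds UINT32_MAX, so a large order totals a tiny amount. */
uint32_t total_unchecked(uint32_t price, uint32_t quantity) {
    return price * quantity;
}

/* Hardened form 1: compute in a wider type and reject any result that does not
 * fit the destination. Returns false on overflow and leaves *out untouched. */
bool total_checked(uint32_t price, uint32_t quantity, uint32_t *out) {
    uint64_t wide = (uint64_t)price * (uint64_t)quantity;
    if (wide > UINT32_MAX) {
        return false;
    }
    *out = (uint32_t)wide;
    return true;
}

/* Hardened form 2: pre-check the bound by division, so no wider type is needed.
 * This pattern also works for the widest unsigned type available. */
bool total_checked_div(uint32_t price, uint32_t quantity, uint32_t *out) {
    if (price != 0 && quantity > UINT32_MAX / price) {
        return false;
    }
    *out = price * quantity;
    return true;
}

/* Convenience wrapper (constructed for this example): returns the checked total,
 * or -1 when the multiplication would overflow uint32_t. */
int64_t checked_total_or_minus1(uint32_t price, uint32_t quantity) {
    uint32_t total;
    if (!total_checked(price, quantity, &total)) {
        return -1;
    }
    return (int64_t)total;
}

int main(void) {
    /* Constructed sample order: 65537 units at a price of 65536. */
    uint32_t price = 65536u, quantity = 65537u;
    printf("unchecked total: %u\n", total_unchecked(price, quantity));
    printf("checked total:   %lld\n", (long long)checked_total_or_minus1(price, quantity));
    return 0;
}
```

The unchecked call returns 65536 for that order, the checked one reports overflow. GCC and Clang also offer __builtin_mul_overflow, which performs the same check with a single call; the division-bound form is the portable fallback.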
Frequently asked questions
What is CWE-190 (Integer Overflow or Wraparound)?
Arithmetic produces a result the variable's type can't hold, wrapping silently. Most common in lower-level languages.
How do I fix integer overflow or wraparound?
Use checked arithmetic, or an arbitrary-precision type (such as BigInt) where appropriate. Validate ranges at trust boundaries before the value reaches the arithmetic. GateTest does not currently catch this class.
Does GateTest detect CWE-190?
Not directly today. GateTest focuses on web-stack languages (JavaScript, TypeScript, Python, Go, Java, Ruby, PHP) and infrastructure-as-code. Integer Overflow or Wraparound is most relevant to C/C++ code. For full coverage of this class, pair GateTest with CodeQL or a memory-safety analyzer.
What rank is Integer Overflow or Wraparound in the CWE Top 25?
Integer Overflow or Wraparound is ranked #14 in the MITRE 2023 CWE Top 25 Most Dangerous Software Weaknesses list. The ranking reflects both prevalence (how often it appears in real CVEs) and severity (the typical impact when it's exploited).