On Thu, 17 Aug 2006, Robert C. Seacord emailed to an email list of the Association of C and C++ Users ( WWW.ACCU.org ):

"The CERT/CC has released a beta version of a secure integer library for the C Programming Language. The library is available for download from the CERT/CC Secure Coding Initiative web page at: http://www.cert.org/secure-coding/

[..]

[..] The following example illustrates how the library can be used to add two signed long integer values:

    long retsl, xsl, ysl;
    xsl = LONG_MAX;
    ysl = 0;
    retsl = addsl(xsl,ysl);

[..]

For more information on vulnerabilities and other problems resulting from the incorrect use of integers in C and C++ please read Chapter 5 of "Secure Coding in C and C++" which is available as a free download from the CERT web site: http://www.cert.org/books/secure-coding/moreinfo.html

[..]

Thanks,
rCs
--
Robert C. Seacord
Senior Vulnerability Analyst
CERT/CC

[..]"

From Chapter 5 of Robert C. Seacord's book "Secure Coding in C and C++" on WWW.AWProfessional.com/content/images/0321335724/samplechapter/seacord_ch05.pdf (which annoyingly would not load on the first two attempts due to "The system detected a possible attempt to compromise security. Please ensure that you can contact the server that authenticated you."):

"Integers represent a growing and underestimated source of vulnerabilities in C and C++ programs. This is primarily because boundary conditions for integers, unlike other boundary conditions in software engineering, have been intentionally ignored.

[..]

[..] Because all integer vulnerabilities are type range errors, type range checking, if properly applied, can eliminate all integer vulnerabilities. Languages such as Pascal and Ada allow range restrictions to be applied to any scalar type to form subtypes. Ada, for example, allows range restrictions to be declared on derived types using the range keyword:

    type day is new INTEGER range 1..31;

The range restrictions are then enforced by the language runtime. C and C++, on the other hand, are not nearly as good at enforcing type safety. Fortunately, there are some avoidance strategies that can be used to reduce or eliminate the risk from integer-type range errors.

[..]

Ensuring that operations on integers do not result in integer errors requires considerable care. Programming languages such as Ada do a good job of enforcing integer type ranges, but if you are reading this book, you are probably not programming in Ada. Ideally, C and C++ compilers will one day provide options to generate code to check for overflow conditions. But until that day, it is a good idea to use one of the safe integer libraries discussed in this chapter as a safety net. As always, it makes sense to apply available tools, processes, and techniques in the discovery and prevention of integer vulnerabilities. Static analysis and source code auditing are useful for finding errors.

[..]

[..]"

However, Ada is not mentioned in the index of the book and I do not know whether Ada is mentioned in another chapter of the book.

Regards,
Colin Paul Gloster, member of the A.C.C.U. and the S.I.G.Ada
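As an added example, not part of the post above and not the CERT/CC library's own code: the kind of precondition-tested signed arithmetic that a safe integer library such as the one Seacord announces provides, written from scratch in C. The function names (checked_add_long, checked_sub_long, checked_mul_long, assign_day) are assumptions for this example. Each operation is tested for overflow before it is performed, because a signed overflow in C is undefined behaviour and cannot be detected reliably after the fact; assign_day emulates the Ada subtype "type day is new INTEGER range 1..31" quoted from the chapter with an explicit range check, which is the closest C can get.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical checked arithmetic on long, written for this example; it is
 * not the CERT/CC library and its function names are assumptions. On success
 * the result is stored through *out and true is returned; on overflow *out is
 * left untouched and false is returned, so the caller must check the flag. */

bool checked_add_long(long a, long b, long *out) {
    if ((b > 0 && a > LONG_MAX - b) ||   /* sum would exceed LONG_MAX */
        (b < 0 && a < LONG_MIN - b)) {   /* sum would fall below LONG_MIN */
        return false;
    }
    *out = a + b;
    return true;
}

bool checked_sub_long(long a, long b, long *out) {
    if ((b < 0 && a > LONG_MAX + b) ||   /* difference would exceed LONG_MAX */
        (b > 0 && a < LONG_MIN + b)) {   /* difference would fall below LONG_MIN */
        return false;
    }
    *out = a - b;
    return true;
}

bool checked_mul_long(long a, long b, long *out) {
    if (a == 0 || b == 0) { *out = 0; return true; }
    /* Division truncates toward zero, so each comparison is exact for the
     * sign combination it handles. */
    if (a > 0) {
        if (b > 0) { if (a > LONG_MAX / b) return false; }
        else       { if (b < LONG_MIN / a) return false; }
    } else {
        if (b > 0) { if (a < LONG_MIN / b) return false; }
        else       { if (b < LONG_MAX / a) return false; }
    }
    *out = a * b;
    return true;
}

/* Emulates the Ada subtype "type day is new INTEGER range 1..31": C has no
 * constrained integer types, so the range must be checked at assignment. */
bool assign_day(long v, long *day) {
    if (v < 1 || v > 31) return false;
    *day = v;
    return true;
}

int main(void) {
    long r;
    /* The post's own example: LONG_MAX + 0 is representable. */
    printf("LONG_MAX + 0:  %s\n", checked_add_long(LONG_MAX, 0, &r) ? "ok" : "overflow");
    /* One more and the sum would exceed LONG_MAX. */
    printf("LONG_MAX + 1:  %s\n", checked_add_long(LONG_MAX, 1, &r) ? "ok" : "overflow");
    printf("LONG_MIN - 1:  %s\n", checked_sub_long(LONG_MIN, 1, &r) ? "ok" : "overflow");
    printf("-1 * LONG_MIN: %s\n", checked_mul_long(-1, LONG_MIN, &r) ? "ok" : "overflow");
    printf("day := 32:     %s\n", assign_day(32, &r) ? "ok" : "out of range");
    return 0;
}
```

The return flag is the whole point: an unchecked `a + b` on long silently produces undefined behaviour on overflow, and a library call that returns a value without a status channel would have nowhere to report the error. Callers that ignore the flag get no protection.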