43 lines
1.0 KiB
Markdown
43 lines
1.0 KiB
Markdown
# Integral Promotion
|
|
|
|
* Conditions of data types with different max and min values provoke unforseen comparisions
|
|
* Comparing `int` and `uint` with values above max leads to integral promotion
|
|
|
|
* Check data type min and max
|
|
```c
|
|
#include <stdio.h>
|
|
#include <limits.h>
|
|
|
|
int main(void)
|
|
{
|
|
|
|
printf("CHAR_MAX: %i\n", CHAR_MAX);
|
|
printf("UCHAR_MAX: %i\n", UCHAR_MAX);
|
|
|
|
printf("SHORT_MAX: %i\n", SHRT_MAX);
|
|
printf("USHORT_MAX: %i\n", USHRT_MAX);
|
|
|
|
printf("INT_MAX: %i\n", INT_MAX);
|
|
printf("UINT_MAX: %u\n", UINT_MAX);
|
|
|
|
return 0;
|
|
}
|
|
```
|
|
|
|
* Not only conditions are susceptable to integral promotions, a sum - for example - is too. Values for promotion in this example are `2147483647` and `1`. `c` is negative and leads to the shell
|
|
```c
|
|
int a,b,c;
|
|
|
|
|
|
if(a >=0 && b >=0)
|
|
if(c >= 0){
|
|
printf("\n[*] ADDING %d + %d",a,b);
|
|
printf("\n[*] RESULT: %d\n",c);
|
|
}
|
|
else{
|
|
system("/bin/sh");
|
|
}
|
|
else
|
|
printf("nope");
|
|
```
|