# Integer Overflow via Unchecked Arithmetic

- ID: javascript-integer-overflow
- Severity: MEDIUM
- CWE: CWE-190
- Languages: JavaScript, TypeScript

## Description

Detects user-controlled values flowing into arithmetic operations without bounds checking.

While JavaScript uses 64-bit floats for most numbers, integer overflow is still a concern in these scenarios:

1. TypedArrays (`Uint8Array`, `Int32Array`, etc.) - values wrap on overflow
2. Bitwise operations - convert to 32-bit signed integers
3. Large number arithmetic affecting security decisions
4. Array/Buffer allocation with user-controlled sizes

Common vulnerable patterns:

- Buffer allocation: `Buffer.alloc(userSize)`
- Array creation: `new Array(userLength)`
- TypedArray creation: `new Uint8Array(userSize)`
- Bitwise operations: `userValue | 0`, `userValue >>> 0`

## Detection Message

User input from {source} flows to arithmetic/allocation operation at {sink} without bounds validation. This could cause unexpected behavior or security bypass due to numeric overflow.

## Remediation

Validate numeric bounds before using user input in allocations:

```javascript
const MAX_SIZE = 1024 * 1024;
const size = parseInt(req.query.size, 10);
if (isNaN(size) || size < 0 || size > MAX_SIZE) {
  return res.status(400).send('Invalid size');
}
const buffer = Buffer.alloc(size);
```

Learn more: https://shoulder.dev/learn/javascript/cwe-190/integer-overflow

## Related Rules

- **Integer Overflow via Unchecked Arithmetic** [MEDIUM]
- **Integer Overflow / Large Number Handling** [LOW]
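
The wrap-around cases from the Description and the bounds check from the Remediation, shown side by side as an added example that is not part of the rule's own documentation. The helper names (`weakParseSize`, `parseBoundedSize`, `checkedAdd`, `wrapDemo`) and all input values are constructed for illustration.

```javascript
'use strict';

const MAX_SIZE = 1024 * 1024; // same cap as the remediation snippet

// Weak pattern: coercing with a bitwise operator truncates the value to
// 32 bits *before* the bounds check, so an oversized input can pass it.
function weakParseSize(raw) {
  const size = Number(raw) >>> 0; // "4294967312" (2^32 + 16) becomes 16
  return size <= MAX_SIZE ? size : null;
}

// Hardened pattern: accept only a plain decimal string, then range-check the
// exact value. The typeof test also rejects arrays or objects that a query
// string parser may produce for repeated or bracketed parameters.
function parseBoundedSize(raw, max = MAX_SIZE) {
  if (typeof raw !== 'string' || !/^\d{1,15}$/.test(raw)) return null;
  const size = Number(raw); // at most 15 digits, so exactly representable
  if (!Number.isSafeInteger(size) || size > max) return null;
  return size;
}

// Adding two lengths (for example header + payload): validate both operands
// and the sum as ordinary numbers; never normalise the result with `| 0`.
function checkedAdd(a, b, max = MAX_SIZE) {
  if (!Number.isSafeInteger(a) || !Number.isSafeInteger(b)) return null;
  if (a < 0 || b < 0) return null;
  const sum = a + b;
  return sum <= max ? sum : null;
}

// The silent wraps listed in the description, on constructed values.
function wrapDemo() {
  const bytes = new Uint8Array(1);
  bytes[0] = 256; // stored modulo 2^8
  return {
    typedArray: bytes[0],           // wraps to 0
    signed: (2 ** 31) | 0,          // wraps to the most negative int32
    unsigned: (2 ** 32 + 16) >>> 0, // wraps to 16
  };
}
```
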