BETA Shoulder is in beta — Findings may sometimes be wrong. Your feedback shapes what we fix next. Share feedback
Shoulder.dev

Understand what every change actually did to your system.
🔢

Integer Overflow or Wraparound

🛡️ 3 rules detect this

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value.

An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits. This can lead to buffer overflows, incorrect financial calculations, or security bypasses.

Prevalence
Medium
3 languages covered
Impact
Medium
Review recommended
Prevention
Documented
3 fix examples
2 Prevention
2 Prevention

How to fix this vulnerability

Prevention strategies for Integer Overflow based on 3 Shoulder detection rules.

🐹 Go View all Go details →
Integer Overflow via Unchecked Arithmetic MEDIUM

Validate bounds before arithmetic operations with user-controlled integers

+5 -1 go 
  func handler(w http.ResponseWriter, r *http.Request) {
-     count, _ := strconv.Atoi(r.URL.Query().Get("count"))
+     count, err := strconv.Atoi(r.URL.Query().Get("count"))
+     if err != nil || count < 0 || count > 10000 {
+         http.Error(w, "Invalid count", 400)
+         return
+     }
      buffer := make([]byte, count*1024)
  }
🟨 JavaScript View all JavaScript details →
Integer Overflow via Unchecked Arithmetic MEDIUM

Validate numeric bounds before using user input in allocations or arithmetic

+5 -1 javascript 
- const size = parseInt(req.query.size, 10);
+ const MAX_SIZE = 1024 * 1024;
+ const size = parseInt(req.query.size, 10);
+ if (isNaN(size) || size < 0 || size > MAX_SIZE) {
+   return res.status(400).json({ error: 'Invalid size' });
+ }
  const buffer = Buffer.alloc(size);
🐍 Python View all Python details →
Integer Overflow / Large Number Handling LOW

Validate numeric bounds before arithmetic operations on user input

+9 -7 python 
- from flask import request
- 
- @app.route('/calculate')
- def calculate():
-     count = int(request.args.get('count'))
-     total = count * unit_price
-     return {'total': total}
+ from flask import request, jsonify
+ 
+ @app.route('/calculate')
+ def calculate():
+     count = int(request.args.get('count', 0))
+     if count < 0 or count > 10000:
+         return jsonify({'error': 'Invalid count'}), 400
+     total = count * unit_price
+     return jsonify({'total': total})
3 Detection
3 Detection

Find vulnerabilities in your code

Use Shoulder to scan your codebase for Integer Overflow or Wraparound patterns. 3 rules.

terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=190

# Or scan entire project
npx @shoulderdev/cli trust .

Detection Rules (3)

4 Warning Signs
4 Warning Signs

What to watch for in code reviews

These patterns indicate potential Integer Overflow or Wraparound vulnerabilities. Look for these during code reviews and security audits.

🟡
user-controlled values flowing into arithmetic operations without bounds checking javascript-integer-overflow
🔵
potential integer overflow in numeric operations python-integer-overflow
🔍

Scan your codebase for Integer Overflow or Wraparound

Shoulder CLI finds vulnerable patterns across your entire codebase.

npx shoulder trust Browse all rules