Data Type Bugs Taxonomy: Integer Overflow, Juggling, and Pointer Arithmetics in Spotlight

In this work, we present an orthogonal classification of data type bugs, allowing precise structured descriptions of related software vulnerabilities. We utilize the Bugs Framework (BF) approach to define four language-independent classes that cover all possible kinds of data type bugs. In BF each class is a taxonomic category of a weakness type defined by sets of operations, cause$\rightarrow$consequence relations, and attributes. A BF description of a bug or a weakness is an instance of a taxonomic BF class with one operation, one cause, one consequence, and their attributes. Any vulnerability then can be described as a chain of such instances and their consequence-cause transitions. With our newly developed classes Declaration Bugs, Name Resolution Bugs, Type Conversion Bugs, and Type Computation Bugs, we confirm that BF is a classification system that extends the Common Weakness Enumeration (CWE). The proposed classes allow clear communication about software bugs that relate to misuse of data types, and provide a structured way to precisely describe data type related vulnerabilities.