Home/ Questions/Q 8384983
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-09T17:33:06+00:00

Going through Elisabeth Hendrickson’s test heuristics cheatsheet , I see the following recommendations :

  • 0

Going through Elisabeth Hendrickson’s test heuristics cheatsheet , I see the following recommendations :

Numbers : 32768 (2^15) 32769 (2^15+ 1) 65536 (2^16) 65537 (2^16 +1) 2147483648 (2^31) 2147483649 (2^31+ 1) 4294967296 (2^32) 4294967297 (2^32+ 1)

Does someone know the reason for testing all theses cases ? My gut feeling goes with the data type the developer may have used ( integer, long, double…)

Similarly, with Strings :

Long (255, 256, 257, 1000, 1024, 2000, 2048 or more characters)

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    These represent boundaries

    Integers

    • 2^15 is at the bounds of signed 16-bit integers
    • 2^16 is at the bounds of unsigned 16-bit integers
    • 2^31 is at the bounds of signed 32-bit integers
    • 2^32 is at the bounds of unsigned 32-bit integers

    Testing for values close to common boundaries tests whether overflow is correctly handled (either arithmetic overflow in the case of various integer types, or buffer overflow in the case of long strings that might potentially overflow a buffer).

    Strings

    • 255/256 is at the bounds of numbers that can be represented in 8 bits
    • 1024 is at the bounds of numbers that can be represented in 10 bits
    • 2048 is at the bounds of numbers that can be represented in 11 bits

    I suspect that the recommendations such as 255, 256, 1000, 1024, 2000, 2048 are based on experience/observation that some developers may allocate a fixed-size buffer that they feel is “big enough no matter what” and fail to check input. That attitude leads to buffer overflow attacks.

    • 0