Languages handle overflow differently and the differences matter. C/C++ signed overflow is undefined behavior, which the optimizer is allowed to assume can't happen — leading to surprising deletions of safety checks. Rust panics in debug, wraps in release. Java and Go wrap silently. Python's int is unbounded but its numpy and SQL layers aren't. JavaScript's Number is double-precision until you reach Number.MAX_SAFE_INTEGER, and then 1 + 1 can be 1.
The high-impact instances are: length checks (size + 1 overflows to zero, the bound check passes, a buffer overflow follows), monetary math (cents overflow into negative dollars), and timestamps (Y2038, the embedded systems version of Y2K).
Defenses: use checked arithmetic where the language offers it (checked_add in Rust, Math.addExact in Java), use big-integer types for monetary or large-counter math, and validate sizes against a sane upper bound before doing arithmetic.
Review heuristic
Any arithmetic on a number that came from input, including a length, a count, or a timestamp, should be reviewed for what happens at the type's max value. A 32-bit byte counter overflows after 4 GB.
External reference
CWE-190: Integer Overflow or Wraparound — the canonical industry classification for this bug class. Useful when filing tickets, writing security policies, or arguing with a static analyzer.