...
The isinf macro tests an input floating point value for infinity. isinf(\x) returns 1 if x is infinity, -1 if x is negative infinityval) is non-zero if val is an infinity (positive or negative), and 0 otherwise.
isnan tests if an input is NaN. isnan(\xval) is 1 non-zero if x val is a NaN, and 0 otherwise.
If infinity or NaN values are not acceptable inputs in a program, these macros should be used to ensure they are not passed to vulnerable functions.
...
The following code was run on 32-bit GNU Linux using the GCC version 3.4.6 compiler. On this platform, FLT_MAX has the value 340282346638528859811704183484516925440.000000. FLT_MIN=-FLT_MAX.
| Code Block |
|---|
#include <stdio.h>
int main(int argc, char *argv[])
{
float val, currentBalance=0;
scanf("%f", &val);
currentBalance+=val;
printf("%f\n", currentBalance);
return 0;
}
|
...
The following code first validates the input float before using it. The value is tested to ensure that it is neither an infinity nor negative infinity nor a NaN.
| Code Block | ||
|---|---|---|
| ||
float currentBalance; /* User's cash balance */
void doDeposit(){
float val;
scanf("%f", &val);
intif k=(isinf(x);
if (k==1)val)) {
/* handle infinity error */
}
if (k==-1){
/* handle negative infinity error */
}
if(isnan(val)) /* test NaN */
{
/* handle NaN error */
}
if (val>=MAX_VALUE-currentBalance) {
/*Handle range error*/
}
currentBalance+=val;
}
|
...