Floating-point numbers can take on three exceptional values, : infinity, -infinity, and NaN (not-a-number). These values are produced as a result of exceptional or otherwise unresolvable floating-point operations, such as division by zero. These exceptional values can also be obtained directly from user input through methods such as Double.valueOf(String s). Failure to detect and handle such exceptional values can result in inconsistent behavior.
...
NaN values are particularly problematic because they are unordered. That is, the expression NaN == NaN always returns false. ( See rule NUM07-J . Do not attempt comparisons with NaN.)for more information.
Noncompliant Code Example
...
| Code Block | ||
|---|---|---|
| ||
double currentBalance; // User's cash balance
void doDeposit(String userInput) {
double val;
try {
val = Double.valueOf(userInput);
}
catch(NumberFormatException e) {
// Handle input format error
}
if (val >= Double.MAX_VALUE - currentBalance) {
// Handle range error
}
currentBalance += val;
}
|
This code will produce unexpected results when an exceptional value is entered for val and subsequently used in calculations or as control values. The user could, for example, input the strings infinity or NaN on the command line, which would be parsed by Double.valueOf(String s) into the floating-point representations of either infinity or NaN. All subsequent calculations using these values would be invalid, possibly causing runtime exceptions or enabling denial-of-service ( DoS ) attacks.
In this noncompliant example, entering NaN for val would cause currentBalance to be set to NaN, corrupting its value. If this value were used in other expressions, every resulting value would also become NaN, possibly corrupting important data.
...
| Code Block | ||
|---|---|---|
| ||
double currentBalance; // User's cash balance
void doDeposit(String s){
double val;
try {
val = Double.valueOf(userInput);
}
catch(NumberFormatException e) {
// Handle input format error
}
if (Double.isInfinite(val)){
// Handle infinity error
}
if (Double.isNaN(val)) {
// Handle NaN error
}
if (val >= Double.MAX_VALUE - currentBalance) {
// Handle range error
}
currentBalance += val;
}
|
...
Incorrect or missing validation of floating-point input can result in miscalculations and unexpected results, possibly leading to inconsistent program behavior and denial of service ( DoS).
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
NUM08-J | low | probable | medium | P4 | L3 |
...
Automated detection is infeasible in the general case. It could be possible to develop a taint-like analysis that detects many interesting cases.
Related Vulnerabilities
Related Guidelines
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ae04024200c040e0-edfe9ed2-41474087-8fd080ea-7c63bcb952a669a65d250278"><ac:plain-text-body><![CDATA[ | [[IEEE 754 | https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE7542006 | IEEE 754]] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3832f6de183806e9-7120e47f-41714a79-a98ea95c-e7efd292d9b3bc8683f812c2"><ac:plain-text-body><![CDATA[ | [[IEEE 1003.1, 2004 | https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE1003 | IEEE 1003.1, 2004]] | ]]></ac:plain-text-body></ac:structured-macro> |
...