...
```java
double currentBalance; // User's cash balance

void doDeposit(String userInput) {
  double val;
  try {
    val = Double.valueOf(userInput);
  } catch (NumberFormatException e) {
    // Handle input format error
    return; // val was never assigned, so stop here
  }
  if (val >= Double.MAX_VALUE - currentBalance) {
    // Handle range error
    return;
  }
  currentBalance += val;
}
```
...
```java
double currentBalance; // User's cash balance

void doDeposit(String userInput) {
  double val;
  try {
    val = Double.valueOf(userInput);
  } catch (NumberFormatException e) {
    // Handle input format error
    return; // val was never assigned, so stop here
  }
  if (Double.isInfinite(val)) {
    // Handle infinity error
    return;
  }
  if (Double.isNaN(val)) {
    // Handle NaN error
    return;
  }
  if (val >= Double.MAX_VALUE - currentBalance) {
    // Handle range error
    return;
  }
  currentBalance += val;
}
```
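The following added example (not part of the original rule text) runs the two validation strategies from the listings above over a set of constructed input strings, showing which values `Double.valueOf` parses without an exception and which of them the range check alone lets through. The class name `DepositValidationDemo`, its helper methods, the starting balance and the inputs are all hypothetical.

```java
import java.util.OptionalDouble;

public class DepositValidationDemo {
    // Range check alone, as in the first listing.
    static boolean rangeCheckOnlyAccepts(double val, double balance) {
        return !(val >= Double.MAX_VALUE - balance);
    }

    // Infinity, NaN, then range check, as in the second listing.
    static boolean fullCheckAccepts(double val, double balance) {
        if (Double.isInfinite(val) || Double.isNaN(val)) {
            return false;
        }
        return !(val >= Double.MAX_VALUE - balance);
    }

    // Empty result means Double.valueOf threw NumberFormatException.
    static OptionalDouble parse(String s) {
        try {
            return OptionalDouble.of(Double.valueOf(s));
        } catch (NumberFormatException e) {
            return OptionalDouble.empty();
        }
    }

    public static void main(String[] args) {
        double balance = 250.0; // constructed starting balance
        // Constructed inputs; only "abc" is rejected by the parser itself.
        String[] inputs = {"100.0", "NaN", "-Infinity", "Infinity", "1e309", "abc"};
        System.out.printf("%-10s %-10s %-16s %-11s %s%n",
                "input", "parsed", "range-check-only", "full-check", "balance if deposited");
        for (String s : inputs) {
            OptionalDouble parsed = parse(s);
            if (!parsed.isPresent()) {
                System.out.printf("%-10s NumberFormatException%n", s);
                continue;
            }
            double val = parsed.getAsDouble();
            System.out.printf("%-10s %-10s %-16s %-11s %s%n", s, val,
                    rangeCheckOnlyAccepts(val, balance) ? "accept" : "reject",
                    fullCheckAccepts(val, balance) ? "accept" : "reject",
                    balance + val);
        }
    }
}
```

`"NaN"` and `"-Infinity"` pass the range-only check because every ordered comparison with NaN is false and negative infinity is below any finite bound, so either one would overwrite the balance with a non-finite value.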
...
Incorrect or missing validation of floating-point input can result in miscalculations and unexpected results, possibly leading to inconsistent program behavior and denial of service.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| NUM08-J | low | probable | medium | P4 | L3 |
...
- [IEEE 754](https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE7542006)
- [IEEE 1003.1, 2004](https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE1003)
...