Comment: REM cost reform

Division and remainder operations performed on integers are susceptible to divide-by-zero errors. Consequently, the divisor in a division or remainder operation on integer types must be checked for zero prior to the operation. Division and remainder operations performed on floating-point numbers are not subject to this rule.

Noncompliant Code Example (Division)

The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to −1 (see NUM00-J. Detect or prevent integer overflow for more information). This noncompliant code example can result in a divide-by-zero error during the division of the signed operands num1 and num2:

long num1, num2, result;

/* Initialize num1 and num2 */

result = num1 / num2;

Compliant Solution (Division)

This compliant solution tests the divisor to guarantee there is no possibility of divide-by-zero errors:

long num1, num2, result;

/* Initialize num1 and num2 */

if (num2 == 0) {
  // Handle error condition
} else {
  result = num1 / num2;
}

...

Noncompliant Code Example (Remainder)

The % operator provides the remainder when two operands of integer type are divided. This noncompliant code example can result in a divide-by-zero error during the remainder operation on the signed operands num1 and num2:

long num1, num2, result;

/* Initialize num1 and num2 */

result = num1 % num2;

Compliant Solution (Remainder)

This compliant solution tests the divisor to guarantee there is no possibility of a divide-by-zero error:

long num1, num2, result;

/* Initialize num1 and num2 */

if (num2 == 0) {
  // Handle error condition
} else {
  result = num1 % num2;
}
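
The checks from both compliant solutions as reusable helpers, in an added example that is not part of the original guideline; the class and method names (SafeDivision, checkedDivide, checkedRemainder) are hypothetical. It goes slightly beyond the zero check by also rejecting the Long.MIN_VALUE / −1 overflow case mentioned above, and it shows that floating-point division by zero does not throw.

```java
import java.util.OptionalLong;

// Added illustration; class and method names are hypothetical.
public class SafeDivision {

    // Returns empty instead of throwing when the divisor is zero,
    // or when the quotient would overflow (Long.MIN_VALUE / -1).
    static OptionalLong checkedDivide(long num1, long num2) {
        if (num2 == 0) {
            return OptionalLong.empty();
        }
        if (num1 == Long.MIN_VALUE && num2 == -1) {
            return OptionalLong.empty();
        }
        return OptionalLong.of(num1 / num2);
    }

    // Remainder needs only the zero check: Long.MIN_VALUE % -1 is 0 in Java.
    static OptionalLong checkedRemainder(long num1, long num2) {
        if (num2 == 0) {
            return OptionalLong.empty();
        }
        return OptionalLong.of(num1 % num2);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: {dividend, divisor}
        long[][] samples = { {10, 3}, {10, 0}, {Long.MIN_VALUE, -1}, {-7, 2} };
        for (long[] s : samples) {
            System.out.printf("%d / %d -> %s, %d %% %d -> %s%n",
                s[0], s[1], checkedDivide(s[0], s[1]),
                s[0], s[1], checkedRemainder(s[0], s[1]));
        }
        // Unchecked integer division by zero throws ArithmeticException.
        try {
            long divisor = 0;
            System.out.println(1L / divisor);
        } catch (ArithmeticException e) {
            System.out.println("unchecked: " + e.getMessage());
        }
        // Floating-point division and remainder by zero do not throw;
        // they produce an infinity or NaN instead.
        System.out.println(1.0 / 0.0);
        System.out.println(0.0 % 0.0);
    }
}
```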

Risk Assessment

A division or remainder by zero can result in abnormal program termination and denial-of-service (DoS).

| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| NUM02-J | Low | Likely | No | Yes | P6 | L2 |

Automated Detection

...

Automated detection exists for C and C++, but not for Java yet.

| Tool | Version | Checker | Description |
|---|---|---|---|
| Coverity | 7.5 | DIVIDE_BY_ZERO | Implemented |
| Parasoft Jtest | | CERT.NUM02.ZERO | Avoid division by zero |
| PVS-Studio | | V6020 | |
| SonarQube | | S3518 | Zero should not be a possible denominator |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding Standard: INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors

CERT C++ Secure Coding Standard: INT33-CPP. Ensure that division and modulo operations do not result in divide-by-zero errors

MITRE CWE: CWE-369, Divide by Zero (http://cwe.mitre.org/data/definitions/369.html)

Bibliography

[ISO/IEC 9899:1999] Subclause 6.5.5, "Multiplicative Operators"

[Seacord 05] Chapter 5, "Integers"

[Seacord 2015]

[Warren 02] Chapter 2, "Basics"

