...
Noncompliant Code Example
This noncompliant code example accepts user data without first validating it:
...
The following table shows the value of currentBalance returned for various arguments:
| Input | currentBalance |
|---|---|
As this example demonstrates, the user can enter the exceptional values infinity and NaN, as well as force a float's value to be infinite, by entering out-of-range floats. These entries subsequently corrupt the value of currentBalance. So by entering exceptional floats, an attacker can corrupt the program data, possibly leading to a crash.
Compliant Solution
This compliant solution first validates the input float before using it. The value is tested to ensure that it is neither an infinity nor a NaN.
...
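As an added example (not the code from the CERT page itself), the following helper parses the user's text with strtof and accepts it only when the result, and the updated balance, are finite. The function names, the enum and the balance-update logic are assumptions made for this illustration.

```c
#include <ctype.h>
#include <math.h>
#include <stdlib.h>

/* Outcome of validating one textual floating-point input (hypothetical helper). */
enum float_input_status {
    FLOAT_OK,
    FLOAT_NOT_A_NUMBER,   /* unparseable text or trailing junk */
    FLOAT_EXCEPTIONAL     /* NaN or infinity, including overflow to infinity */
};

/* Parse text into a finite float. strtof accepts "nan", "inf"/"infinity" and
 * returns +/-HUGE_VALF (infinity) on overflow, so isfinite() catches all three. */
enum float_input_status parse_finite_float(const char *text, float *out) {
    char *end = NULL;
    float v = strtof(text, &end);
    if (end == text) {
        return FLOAT_NOT_A_NUMBER;
    }
    while (isspace((unsigned char)*end)) {
        end++;                          /* tolerate a trailing newline from fgets */
    }
    if (*end != '\0') {
        return FLOAT_NOT_A_NUMBER;
    }
    if (!isfinite(v)) {
        return FLOAT_EXCEPTIONAL;
    }
    *out = v;
    return FLOAT_OK;
}

/* Apply a user-supplied amount to the balance only when both the input and the
 * resulting balance are finite. Returns 1 on success, 0 if the input was rejected. */
int update_balance(float *current_balance, const char *user_input) {
    float amount;
    if (parse_finite_float(user_input, &amount) != FLOAT_OK) {
        return 0;                       /* current_balance is left untouched */
    }
    float next = *current_balance + amount;
    if (!isfinite(next)) {
        return 0;                       /* the addition itself overflowed */
    }
    *current_balance = next;
    return 1;
}
```

Checking the result of the addition as well as the input closes the case where two individually finite values still push the balance to infinity.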
Inappropriate floating-point inputs can result in invalid calculations and unexpected results, possibly leading to a crash and providing a denial-of-service opportunity.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FLP04-C | Low | Probable | No | Yes | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported: Astrée reports potential runtime error resulting from missing checks for exceptional values. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | FLP04-CPP. Check floating-point inputs for exceptional values |
| CERT Oracle Secure Coding Standard for Java | FLP06-J. Check floating-point inputs for exceptional values |
Bibliography
...
...