SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 62

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The following table shows the value of currentBalance returned for various arguments:

Input

currentBalance

25

25.00000

infinity

inf

inf

inf

-infinity

-inf

NaN

nan

nan

nan

1e9999

inf

-1e9999

-inf

As this example demonstrates, the user can enter the exceptional values infinity and NaN, as well as force a float's value to be infinite, by entering out-of-range floats. These entries subsequently corrupt the value of currentBalance. So by entering exceptional floats, an attacker can corrupt the program data, possibly leading to a crash.

...

Inappropriate floating-point inputs can result in invalid calculations and unexpected results, possibly leading to crashing and providing a denial-of-service opportunity.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

FLP04-C

Low

Probable

No

High

Yes

P2

P4

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported: Astrée reports potential runtime error resulting from missing checks for exceptional values.

 Related Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardFLP04-CPP. Check floating-point inputs for exceptional values
CERT Oracle Secure Coding Standard for JavaFLP06-J. Check floating-point inputs for exceptional values

Bibliography

[IEEE 754]
[IEEE Std 1003.1:2013]

...


...

Image Modified Image Modified Image Modified