SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user vishal patel

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

Division and modulo remainder operations performed on integers are susceptible to divide-by-zero errors. Consequently, the divisor in a division or remainder operation on integer types must be checked for zero prior to the operation. Division and remainder operations performed on floating-point numbers are not subject to this rule.

Noncompliant Code Example (Division)

The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to —1. (See guideline "−1 (see NUM00-J. Detect or prevent integer overflow".)

Noncompliant Code Example

This code for more information). This noncompliant code example can result in a divide-by-zero error during the division of the signed operands sl1 num1 and sl2. num2:

Code Block
bgColor#FFcccc

signed long sl1num1, sl2num2, result;

/* Initialize sl1num1 and sl2num2 */

result = sl1num1 / sl2num2;

Compliant Solution (Division)

This compliant solution tests the suspect division operation divisor to guarantee there is no possibility of divide-by-zero errors.:

Code Block
bgColor#ccccff

signed long sl1num1, sl2num2, result;

/* Initialize sl1num1 and sl2num2 */

if ( (sl2num2 == 0) ) {
  /*/ handleHandle error condition */
}
 else {
  result = sl1num1 / sl2num2;
}

...

Noncompliant Code Example (Remainder)

The % operator provides the remainder when two operands of integer type are divided.

Noncompliant Code Example

This noncompliant code example can result in a divide-by-zero error during the remainder operation on the signed operands sl1 num1 and sl2. num2:

Code Block
bgColor#FFcccc

signed long sl1num1, sl2num2, result;

/* Initialize sl1num1 and sl2num2 */

result = sl1num1 % sl2num2;

Compliant Solution (Remainder)

This compliant solution tests the suspect remainder operation divisor to guarantee there is no possibility of a divide-by-zero error.:

Code Block
bgColor#ccccff

signed long sl1num1, sl2num2, result;

/* Initialize sl1num1 and sl2num2 */

if (num2 (sl2 == 0 ) ) {
  /*/ handleHandle error condition */
}
 else {
  result = sl1num1 % sl2num2;
}

Risk Assessment

A divide-division or remainder by - zero can result in abnormal program termination and denial-of-service (DoS).

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

INT33

NUM02-

CPP

J

Low

low

Likely

likely

No

medium

Yes

P6

L2

Automated Detection

...

Automated detection exists for C and C++, but not for Java yet.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

...

Tool
Version
Checker
Description
Coverity7.5DIVIDE_BY_ZEROImplemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.NUM02.ZEROAvoid division by zero
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V6020
SonarQube

Include Page
SonarQube_V
SonarQube_V

S3518Zero should not be a possible denominator

Related Guidelines

SEI CERT C Coding Standard

INT33-C. Ensure that division and remainder

...

operations do not result in divide-by-zero errors

Bibliography

MITRE CWE

CWE-369, Divide by Zero

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6ac3f359-9420-4e06-88db-a8c94c0ee156"><ac:plain-text-body><![CDATA[

[

[ISO/IEC 9899:

1999AA. Bibliography#ISO/IEC 9899-

1999]

]

Section

Subclause 6.5.5, "Multiplicative

operators"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3c3a2c3c-8c59-41b1-818e-fa8982e62987"><ac:plain-text-body><![CDATA[

[[MITRE 07

AA. Bibliography#MITRE 07]]

[CWE ID 369

http://cwe.mitre.org/data/definitions/369.html], "Divide By Zero"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="64c8d970-311e-4a38-8899-1d44219427c0"><ac:plain-text-body><![CDATA[

[[Seacord 05

AA. Bibliography#Seacord 05]]

Operators"

[Seacord 05]

Chapter 5, "Integers"

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f8f99d72-13b7-4124-a4d4-12742fb864ef"><ac:plain-text-body><![CDATA[

[[Warren 02

AA. Bibliography#Warren 02]
[Seacord 2015]
 Image result for video iconImage Added NUM02-J. Ensure that division and modulo operations do not result in divide-by-zero errors LiveLesson

[Warren 02]

Chapter 2, "Basics"

]]></ac:plain-text-body></ac:structured-macro>


...

NUM17-J. Beware of precision loss when converting primitive integers to floating-point      03. Numeric Types and Operations (NUM)      04. Object Orientation (OBJ)Image Added Image Added Image Added