...
When converting integers to floating-point values, and vice versa, it is important to carry out proper range checks to avoid undefined behavior (see FLP34-C. Ensure that floating-point conversions are within range of the new type).
Noncompliant Code Example
...
```c
void func(void) {
  short a = 533;
  int b = 6789;
  long c = 466438237;
  /* Convert each integer to floating point first, so that the arithmetic
   * below is performed in float/double rather than in the integer type. */
  float d = a;
  double e = b;
  double f = c;
  d /= 7;    /* d is 76.14286 */
  e /= 30;   /* e is 226.3 */
  f *= 789;  /* f is 368019768993.0 */
}
```
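The following is an added example, not code from the CERT page: it places the integer-arithmetic pattern next to the convert-first pattern, shows why the overflowing `long` multiplication cannot simply be "tested" (signed overflow is undefined behavior, so the example checks whether the product would fit instead), and adds the FLP34-C-style range check for the reverse conversion from `double` to `long`. All function names are the example's own.

```c
#include <limits.h>
#include <math.h>
#include <stdbool.h>
#include <stdio.h>

/* Noncompliant pattern: the division is performed in int, so the fractional
 * part is discarded before the quotient is widened to double. */
double ratio_int_then_convert(int num, int den) {
    return num / den;            /* 533 / 7 == 76, then 76 -> 76.0 */
}

/* Compliant: convert one operand first so the division happens in double. */
double ratio_convert_then_divide(int num, int den) {
    return (double)num / den;    /* 533.0 / 7 == 76.142857... */
}

/* The noncompliant product from the page, c * 789 computed in long, overflows
 * where long is 32 bits. Signed overflow is undefined behavior, so this helper
 * reports whether the product would fit instead of computing it. */
bool product_fits_long(long a, long b) {
    if (a == 0 || b == 0) return true;
    if (a > 0 && b > 0) return a <= LONG_MAX / b;
    if (a < 0 && b < 0) return a >= LONG_MAX / b;
    if (a > 0)          return b >= LONG_MIN / a;   /* a > 0, b < 0 */
    return a >= LONG_MIN / b;                       /* a < 0, b > 0 */
}

/* Compliant: widen to double before multiplying. The arithmetic is done in
 * floating point, so it cannot overflow the integer type, and integer
 * products below 2^53 are still exact. */
double scale_in_double(long c, long k) {
    double f = c;
    f *= k;
    return f;
}

/* FLP34-C-style range check for the reverse conversion. Returns false for NaN
 * and for values outside the range of long; otherwise stores the truncated
 * value. -(double)LONG_MIN is an exact power of two, so the bound is exact.
 * This version is deliberately conservative: it also rejects values in
 * (LONG_MIN - 1, LONG_MIN) that would truncate into range. */
bool double_to_long_checked(double v, long *out) {
    if (isnan(v)) return false;
    if (v < (double)LONG_MIN || v >= -(double)LONG_MIN) return false;
    *out = (long)v;   /* truncation toward zero, now guaranteed in range */
    return true;
}

int main(void) {
    long r;
    printf("int-then-convert:    %f\n", ratio_int_then_convert(533, 7));
    printf("convert-then-divide: %f\n", ratio_convert_then_divide(533, 7));
    printf("466438237 * 789 fits in long: %s\n",
           product_fits_long(466438237L, 789L) ? "yes" : "no (32-bit long)");
    printf("same product in double: %.1f\n", scale_in_double(466438237L, 789L));
    if (double_to_long_checked(1e30, &r))
        printf("converted to %ld\n", r);
    else
        printf("1e30 rejected: out of range for long\n");
    return 0;
}
```

`product_fits_long` is what a reviewer would expect to see guarding the integer form if the programmer invokes exception FLP06-C-EX0 and wants the operation to stay in integers; `scale_in_double` is the page's compliant form, which makes the guard unnecessary.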
Exceptions
FLP06-C-EX0: It may be desirable to have the operation take place as integers before the conversion (obviating the need for a call to trunc(), for example). If this is the programmer's intention, it should be clearly documented to help future maintainers understand that this behavior is intentional.
...
Risk Assessment
Improper conversions between integers and floating-point values may yield unexpected results, especially loss of precision. These unexpected results may also involve overflow or undefined behavior.
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| FLP06-C | Low | Probable | No | No | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported: This rule aims to prevent truncations and overflows. All possible overflows are reported by Astrée. |
| Axivion Bauhaus Suite | | CertC-FLP06 | |
| CodeSonar | | LANG.TYPE.MOT | Mismatched operand types |
| Compass/ROSE | | | Can detect violations of this rule. Any assignment operation where the type of the assigned-to value is |
| Helix QAC | | C4117, C4118 | |
| LDRA tool suite | | 442 S, 443 S, 444 S | Fully implemented |
| | | 4117, 4118, 4119, 435 S | Enhanced enforcement |
| Parasoft C/C++test | | CERT_C-FLP06-a | Implicit conversions from integral to floating type which may result in a loss of information shall not be used |
| PC-lint Plus | | 653, 790, 942 | Fully supported |
| Polyspace Bug Finder | | | Checks for float overflow (rec. partially covered) |
| PVS-Studio | | V636 | |
| Splint | | | |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| Standard | Related guideline |
|---|---|
| CERT C Secure Coding Standard | FLP34-C. Ensure that floating-point conversions are within range of the new type |
| SEI CERT C++ Coding Standard | VOID FLP05-CPP. Convert integers to floating point for floating point operations |
| CERT Oracle Secure Coding Standard for Java | NUM50-J. Convert integers to floating point for floating-point operations |
| MITRE CWE | CWE-681, Incorrect conversion between numeric types; CWE-682, Incorrect calculation |
Bibliography
| [Hatton 1995] | Section 2.7.3, "Floating-Point Misbehavior" |
...
...