SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 23 Next »

Conversion from integer types such as char, short, int and long to floating types such as float and double in an assignment statement may lead to loss of information if one of the integer types is not converted to a floating type.

Non-Compliant Code Example

In this non-compliant code, the floating point variables d, e and f are not initialized correctly because the operations take place before the values are converted to floating point values and hence the results are truncated to nearest decimal point or may overflow.

short a = 533;
int b = 6789;
long c = 466438237;

float d = a / 7; /* d is 76.0 */
double e = b / 30; /* e is 226.0 */
double f = c * 789; /*  f may be negative due to overflow */

Compliant Code Solution 1

In this compliant code, we remove the decimal error in initialization by making the division operation to involve at least one floating point operand. Hence, the result of the operation is the correct floating point number.

short a = 533;
int b = 6789;
long c = 466438237;

float d = a / 7.0f; /* d is 76.14286 */
double e = b / 30.; /* e is 226.3 */
double f = (double)c * 789; /* f is 360*/

Compliant Code Solution 2

In this compliant code, we remove the decimal error in initialization by first storing the integer in the floating point variable and then performing the division operation. This ensures that atleast one of the operands is a floating point number and hence, the result is the correct floating point number.

short a = 533;
int b = 6789;
long c = 466438237;

float d = a;
double e = b;
double f = c;

d /= 7; /* d is 76.14286 */
e /= 30; /* e is 226.3 */
f /= 789; /* f is 591176.47275 */

Risk Assessment

It may be desirable for the operation to take place as integers before the conversion (obviating the need for a trunc() call, for example). In such cases, it should be clearly documented to avoid future maintainers misunderstanding the intent of the code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

FLP33-C

1 (low)

2 (probable)

3 (low)

P6

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[Hatton 95] Section 2.7.3, "Floating-point misbehavior"
[ISO/IEC 9899-1999] Section 5.2.4.2.2, "Characteristics of floating types <float.h>"

  • No labels