SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 37 Next »

Division and modulo operations are susceptible to divide-by-zero errors. Consequently, the divisor in a division or modulo operation must be checked for zero prior to the operation.

Noncompliant Code Example (Division)

The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to —1. See rule NUM00-J for more information. This noncompliant code example can result in a divide-by-zero error during the division of the signed operands num1 and num2.

This code can result in a divide-by-zero error during the division of the signed operands num1 and num2.

long num1, num2, result;

/* Initialize num1 and num2 */

result = num1 / num2;

Compliant Solution (Division)

This compliant solution tests the divisor to guarantee there is no possibility of divide-by-zero errors.

long num1, num2, result;

/* Initialize num1 and num2 */

if (num2 == 0) {
  // handle error
} else {
  result = num1 / num2;
}

Noncompliant Code Example (Modulo)

The % operator provides the remainder when two operands of integer type are divided. This noncompliant code example can result in a divide-by-zero error during the remainder operation on the signed operands num1 and num2.

long num1, num2, result;

/* Initialize num1 and num2 */

result = num1 % num2;

Compliant Solution (Modulo)

This compliant solution tests the divisor to guarantee there is no possibility of a divide-by-zero error.

long num1, num2, result;

/* Initialize num1 and num2 */

if (num2 == 0) {
  // handle error
} else {
  result = num1 % num2;
}

Risk Assessment

A division or modulo by zero can result in abnormal program termination and denial of service (DoS).

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

NUM02-J

low

likely

medium

P6

L2

Automated Detection

Automated detection exists for C and C++ but not for Java yet.

Related Guidelines

CERT C Secure Coding Standard

INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors

CERT C++ Secure Coding Standard

INT33-CPP. Ensure that division and modulo operations do not result in divide-by-zero errors

MITRE CWE

CWE-369. Divide by zero

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="7daa0014-9d48-4ba0-837d-1c836eb0eaa1"><ac:plain-text-body><![CDATA[

[[ISO/IEC 9899:1999

AA. Bibliography#ISO/IEC 9899-1999]]

Section 6.5.5, Multiplicative Operators

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="af97cd4c-a1a2-425a-a6c2-5f43602e3040"><ac:plain-text-body><![CDATA[

[[Seacord 05

AA. Bibliography#Seacord 05]]

Chapter 5, Integers

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="60ab2e99-0964-4703-ac80-59faedda4d2e"><ac:plain-text-body><![CDATA[

[[Warren 02

AA. Bibliography#Warren 02]]

Chapter 2, Basics

]]></ac:plain-text-body></ac:structured-macro>

      03. Numeric Types and Operations (NUM)      

  • No labels