SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 60

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 61

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Noncompliant Code Example

The following This noncompliant code example accepts user data without first validating it:

...

As this example demonstrates, the user can enter the exceptional values infinity and NaN, as well as force a float's value to be infinite, by entering out-of-range floats. These entries subsequently corrupt the value of currentBalance. So by entering exceptional floats, an attacker can corrupt the program data, possibly leading to a crash.

Compliant Solution

The following code This compliant solution first validates the input float before using it. The value is tested to ensure that it is neither an infinity nor a NaN.

...

Related Guidelines

CERT C++ Secure Coding StandardFLP04-CPP. Check floating-point inputs for exceptional values
CERT Oracle Secure Coding Standard for JavaFLP06-J. Check floating-point inputs for exceptional values

Bibliography

[IEEE 754]
[IEEE Std 1003.1, 2004:2013]

 

...