...
An example of a domain error is the square root of a negative number, such as sqrt(-1.0), which has no meaning in real arithmetic. On the other hand, 10 raised to the 1-millionth power, pow(10., 1e6), cannot be represented in many implementations' floating-point representation and consequently constitutes a range error. In both cases, the function will return some value, but the value returned is not the correct result of the computation. An example of a pole error is log(0.0), which results in negative infinity.
...
Range Checking
Range errors usually cannot be prevented, so the most reliable way to handle range errors is to detect when they have occurred and act accordingly.
The exact treatment of error conditions from math functions is quite complicated. Subclause 7.12.1, paragraph 5, of the C Standard [ISO/IEC 9899:2011] defines the following behavior for floating-point overflow:
...
It is also difficult to check for math errors using errno because an implementation might not set it. For real functions, the programmer can tell whether the implementation sets errno by checking whether math_errhandling & MATH_ERRNO is nonzero. For complex functions, the C Standard, subclause 7.3.2, paragraph 1, simply states that "an implementation may set errno but is not required to" [ISO/IEC 9899:2011].
...
Noncompliant Code Example (sqrt())
This noncompliant code example determines the square root of x:
...
Noncompliant Code Example (pow())
This noncompliant code example raises x to the power of y:

```c
#include <math.h>

void func(double x, double y) {
  double result;
  result = pow(x, y);
}
```
...
Because the pow() function can produce domain errors, pole errors, and range errors, the programmer must first check that x and y lie within the proper domain and do not generate a pole error, then detect whether a range error occurs and act accordingly:
...
Failure to prevent or detect domain and range errors in math functions may cause unexpected results.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FLP32-C | Medium | Probable | Medium | P8 | L2 |
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...