...

Here, for example, entering "nan" for val would force currentBalance to also equal "nan", corrupting its value. If this value is used elsewhere for calculations, every resulting value would also be a NaN, possibly destroying important data.

Implementation Details

The following code was run on 32-bit GNU Linux using the GCC version 3.4.6 compiler. On this platform, FLT_MAX has the value 340282346638528859811704183484516925440.000000.

...

As this example demonstrates, the user can enter the exceptional values infinity and NaN, and can also force a float's value to be infinite by entering out-of-range floats. These entries subsequently corrupt the value of currentBalance. By entering exceptional floats, an attacker can therefore corrupt the program data, possibly leading to a crash.

Compliant Solution

The following code first validates the input float before using it. The value is tested to ensure that it is neither an infinity nor a NaN.

...
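The validation described above, as an added example that is not the guideline's own code: input is parsed with strtof, and NaN, infinities, and out-of-range values are rejected before currentBalance is touched. The helper names parse_finite_float and deposit, the sample inputs, and the extra check that the updated balance stays finite are assumptions that go slightly beyond the text.

```c
#include <math.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: parse text as a float and store it in *val only if
 * the whole string is a finite number. Returns 0 on success, -1 for NaN,
 * infinity, out-of-range input, trailing characters, or empty input. */
int parse_finite_float(const char *text, float *val) {
    char *end;
    float parsed = strtof(text, &end);
    if (end == text || *end != '\0')
        return -1;                  /* nothing parsed, or trailing characters */
    if (isnan(parsed) || isinf(parsed))
        return -1;                  /* "nan", "inf", or overflow to HUGE_VALF */
    *val = parsed;
    return 0;
}

/* Hypothetical helper: add the parsed value to *currentBalance only if both
 * the input and the resulting balance are finite. The balance is left
 * unchanged on any rejection. */
int deposit(float *currentBalance, const char *text) {
    float val;
    if (parse_finite_float(text, &val) != 0)
        return -1;
    float updated = *currentBalance + val;
    if (!isfinite(updated))
        return -1;                  /* finite input, but the sum overflowed */
    *currentBalance = updated;
    return 0;
}

int main(void) {
    /* Constructed sample inputs, including the exceptional values. */
    const char *inputs[] = {"25.5", "nan", "inf", "-infinity", "1e39", "12abc"};
    float currentBalance = 100.0f;
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        int rc = deposit(&currentBalance, inputs[i]);
        printf("%-10s -> %s, currentBalance = %f\n", inputs[i],
               rc == 0 ? "accepted" : "rejected", currentBalance);
    }
    return 0;
}
```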

Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.

Related Guidelines

...

...

...

...

Bibliography

...
