...

The following noncompliant code accepts user data without first validating it:

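#include <stdio.h>

float currentBalance; /* User's cash balance */
void doDeposit() {
  float val;

  /* Noncompliant: "inf", "nan", or an out-of-range value such as 1e9999
     is accepted here and never checked */
  scanf("%f", &val);

  if(val >= MAX_VALUE - currentBalance) {
    /* Handle range error */
  }

  currentBalance += val;
}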

...

The following table shows the value of currentBalance returned for various arguments:

| Input     | currentBalance |
|-----------|----------------|
| 25        | 25.00000       |
| infinity  | inf            |
| inf       | inf            |
| -infinity | -inf           |
| NaN       | nan            |
| nan       | nan            |
| 1e9999    | inf            |
| -1e9999   | -inf           |
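The inputs in the table above, run through a validating deposit routine. This is an added example, not code from the original page: it reads the value with strtof instead of scanf, and the names parse_deposit and do_deposit and the value of MAX_VALUE are assumptions.

```c
#include <errno.h>
#include <math.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_VALUE 1000000.0f /* assumed limit; the page does not define it */

/* Hypothetical helper: parse one deposit string, rejecting exceptional
   values. Returns 0 and stores the value on success, -1 otherwise. */
static int parse_deposit(const char *text, float *out) {
  char *end;
  errno = 0;
  float val = strtof(text, &end);
  if (end == text || *end != '\0')
    return -1; /* no number parsed, or trailing characters */
  if (errno == ERANGE)
    return -1; /* out of float range, e.g. 1e9999 (also rejects underflow) */
  if (!isfinite(val))
    return -1; /* "inf", "infinity", "nan" in any letter case */
  *out = val;
  return 0;
}

/* Hypothetical counterpart of doDeposit(): the balance changes only when
   the input is finite and passes the range check. */
static int do_deposit(float *balance, const char *text) {
  float val;
  if (parse_deposit(text, &val) != 0)
    return -1;
  if (val >= MAX_VALUE - *balance)
    return -1; /* range error: leave the balance untouched */
  *balance += val;
  return 0;
}

int main(void) {
  /* Constructed inputs, taken from the table's Input column */
  const char *inputs[] = {"25", "infinity", "inf", "-infinity",
                          "NaN", "nan", "1e9999", "-1e9999"};
  float balance = 0.0f;
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
    int rc = do_deposit(&balance, inputs[i]);
    printf("%-10s %s balance=%f\n", inputs[i],
           rc == 0 ? "accepted" : "rejected", balance);
  }
  return 0;
}
```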

...

Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.

Related Guidelines

Bibliography

 

...