Division and modulo operations are susceptible to divide-by-zero errors. According to section 6.5.5, paragraph 5 of [ISO/IEC 9899:1999] (see also undefined behavior 42 of Annex J):
The result of the / operator is the quotient from the division of the first operand by the second; the result of the % operator is the remainder. In both operations, if the value of the second operand is zero, the behavior is undefined.
Division
The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1. (See guideline INT32-C. Ensure that operations on signed integers do not result in overflow.)
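The following is an added example, not code from the CERT standard, showing both preconditions described above checked before the operator is evaluated. The names `checked_long`, `checked_div` and `checked_mod` are hypothetical, and returning 0 for a divisor of -1 in `checked_mod` without executing `%` is a choice made for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical result type and helper names, introduced for this example. */
typedef struct {
    bool ok;     /* false: the operation would be undefined, value is unset */
    long value;
} checked_long;

/* Quotient of dividend / divisor, or ok == false when the division is undefined. */
checked_long checked_div(long dividend, long divisor) {
    checked_long r = { false, 0 };
    if (divisor == 0)
        return r;                               /* divide-by-zero */
    if (dividend == LONG_MIN && divisor == -1)
        return r;                               /* two's complement: -LONG_MIN overflows */
    r.ok = true;
    r.value = dividend / divisor;
    return r;
}

/* Remainder of dividend % divisor, or ok == false for a zero divisor. */
checked_long checked_mod(long dividend, long divisor) {
    checked_long r = { false, 0 };
    if (divisor == 0)
        return r;                               /* divide-by-zero */
    r.ok = true;
    /* Assumption of this example: any value % -1 is 0, so return it without
     * executing %, which can fault when the matching quotient overflows. */
    r.value = (divisor == -1) ? 0 : dividend % divisor;
    return r;
}

int main(void) {
    /* Constructed operand pairs: ordinary, zero divisor, and LONG_MIN / -1. */
    const long cases[][2] = { {7, 2}, {-7, 2}, {5, 0}, {LONG_MIN, -1} };
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        checked_long q = checked_div(cases[i][0], cases[i][1]);
        checked_long m = checked_mod(cases[i][0], cases[i][1]);
        if (q.ok) printf("%ld / %ld = %ld\n", cases[i][0], cases[i][1], q.value);
        else      printf("%ld / %ld rejected\n", cases[i][0], cases[i][1]);
        if (m.ok) printf("%ld %% %ld = %ld\n", cases[i][0], cases[i][1], m.value);
        else      printf("%ld %% %ld rejected\n", cases[i][0], cases[i][1]);
    }
    return 0;
}
```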
Noncompliant Code Example
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT33-C | low | likely | medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as INT33-CPP. Ensure that division and modulo operations do not result in divide-by-zero errors.
Bibliography
[ISO/IEC 9899:1999] Section 6.5.5, "Multiplicative operators"
[MITRE 2007] CWE ID 369 (http://cwe.mitre.org/data/definitions/369.html), "Divide By Zero"
[Seacord 2005] Chapter 5, "Integers"
[Warren 2002] Chapter 2, "Basics"
...