The exact treatment of error conditions from math functions is quite complicated. C99, Section 7.12.1, defines the following behavior for floating-point overflow [ISO/IEC 9899:1999]:

...

Code Block
#include <errno.h>
#include <math.h>
#if defined(math_errhandling) \
  && (math_errhandling & MATH_ERREXCEPT)
#include <fenv.h>
#endif

/* ... */

#if defined(math_errhandling) \
  && (math_errhandling & MATH_ERREXCEPT)
  feclearexcept(FE_ALL_EXCEPT);
#endif
errno = 0;

/* call the function */

#if !defined(math_errhandling) \
  || (math_errhandling & MATH_ERRNO)
if (errno != 0) {
  /* handle range error */
}
#endif
#if defined(math_errhandling) \
  && (math_errhandling & MATH_ERREXCEPT)
if (fetestexcept(FE_INVALID
               | FE_DIVBYZERO
               | FE_OVERFLOW
               | FE_UNDERFLOW) != 0) {
  /* handle range error */
}
#endif

See recommendation FLP03-C. Detect and handle floating point errors for more details on how to detect floating-point errors.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: FLP32-CPP. Prevent or detect domain and range errors in math functions

Bibliography

[ISO/IEC 9899:1999] Section 7.3, "Complex arithmetic <complex.h>", and Section 7.12, "Mathematics <math.h>"

MITRE CWE: CWE-682, "Incorrect Calculation"

[MITRE 2007] CWE ID 682 (http://cwe.mitre.org/data/definitions/682.html), "Incorrect Calculation"
[Plum 1985] Rule 2-2
[Plum 1989] Topic 2.10, "conv - conversions and overflow"

...