Page History

...

Code Block

bgColor	#FFcccc
lang	c

void func(signed long s_a;
, signed long s_b;
signed long result;

void func(void) {
  /*signed Initialize s_a and s_b */
  long result = s_a / s_b;

  /* ... */
}

...

Code Block

bgColor	#ccccff
lang	c

#include <limits.h>
 
void func(signed long s_a;
, signed long s_b;
signed long result;

void func(void) {
  /*signed Initialize s_a, s_b and result */

long result;
  if ( (s_b == 0) || ( (s_a == LONG_MIN) && (s_b == -1) ) ) {
    /* Handle error condition */
  } else {
    result = s_a / s_b;
  }

  /* ... */
}

...

Code Block

bgColor	#FFcccc
lang	c

void func(signed long s_a;
, signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a and s_b */
 signed long result = s_a % s_b;

  /* ... */
}

...

Code Block

bgColor	#ccccff
lang	c

#include <limits.h>
 
void func(signed long s_a;
, signed long s_b;
signed long result;

void func(void) {
  /* Initialize s_a, s_b and result */
signed long result;
  if ( (s_b == 0 ) || ( (s_a == LONG_MIN) && (s_b == -1) ) ) {
    /* Handle error condition */
  } else {
    result = s_a % s_b;
  }
  
  /* ... */
}

Risk Assessment

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding Standard	INT32-C. Ensure that operations on signed integers do not result in overflow
CERT C++ Secure Coding Standard	INT33-CPP. Ensure that division and modulo operations do not result in divide-by-zero errors
CERT Oracle Secure Coding Standard for Java	NUM02-J. Ensure that division and modulo operations do not result in divide-by-zero errors
ISO/IEC TS 17961	Integer division errors [diverr]
MITRE CWE	CWE-369, Divide by zero

Bibliography

[ISO/IEC 9899:2011]	Subclause 6.5.5, "Multiplicative operators"
[Seacord 2013]	Chapter 5, "Integer Security"
[Warren 2002]	Chapter 2, "Basics"

...

Space shortcuts

Page tree

Versions Compared

Old Version 84

New Version 85

Key

Risk Assessment

Related Guidelines

Bibliography