...
```java
double currentBalance; // User's cash balance

void doDeposit(String userInput) {
  double val = 0; // Initialized so val is definitely assigned if parsing fails
  try {
    val = Double.valueOf(userInput);
  } catch (NumberFormatException e) {
    // Handle input format error
  }

  // Only a range check is performed; NaN and infinity are not tested for
  if (val >= Double.MAX_VALUE - currentBalance) {
    // Handle range error
  }
  currentBalance += val;
}
```
...
```java
double currentBalance; // User's cash balance

void doDeposit(String userInput) {
  double val = 0; // Initialized so val is definitely assigned if parsing fails
  try {
    val = Double.valueOf(userInput);
  } catch (NumberFormatException e) {
    // Handle input format error
  }

  if (Double.isInfinite(val)) {
    // Handle infinity error
  }

  if (Double.isNaN(val)) {
    // Handle NaN error
  }

  if (val >= Double.MAX_VALUE - currentBalance) {
    // Handle range error
  }
  currentBalance += val;
}
```
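An added example, not part of the original rule text: it runs the range check alone and a validating parser side by side on constructed inputs, showing that `NaN` and `-Infinity` pass the range check and corrupt the balance. The class and method names (`DepositValidationDemo`, `rangeCheckOnly`, `parseDeposit`) are hypothetical.

```java
import java.util.OptionalDouble;

public class DepositValidationDemo {
    // Range check only: every comparison with NaN is false, so NaN slips through,
    // and -Infinity is far below the upper bound.
    static double rangeCheckOnly(double balance, String userInput) {
        double val = Double.valueOf(userInput);
        if (val >= Double.MAX_VALUE - balance) {
            throw new IllegalArgumentException("range error");
        }
        return balance + val;
    }

    // Rejects malformed text, NaN and both infinities before the range check.
    static OptionalDouble parseDeposit(double balance, String userInput) {
        double val;
        try {
            val = Double.valueOf(userInput);
        } catch (NumberFormatException | NullPointerException e) {
            return OptionalDouble.empty();
        }
        if (Double.isNaN(val) || Double.isInfinite(val)) {
            return OptionalDouble.empty();
        }
        if (val >= Double.MAX_VALUE - balance) {
            return OptionalDouble.empty();
        }
        return OptionalDouble.of(val);
    }

    public static void main(String[] args) {
        double balance = 100.0;
        // Constructed sample inputs; all but the last parse without an exception.
        String[] inputs = {"25.50", "NaN", "Infinity", "-Infinity", "1e309", "abc"};
        for (String in : inputs) {
            String unchecked;
            try {
                unchecked = String.valueOf(rangeCheckOnly(balance, in));
            } catch (IllegalArgumentException e) { // also covers NumberFormatException
                unchecked = "rejected";
            }
            OptionalDouble ok = parseDeposit(balance, in);
            String checked = ok.isPresent()
                    ? String.valueOf(balance + ok.getAsDouble()) : "rejected";
            System.out.printf("%-10s range-check-only=%-10s validated=%s%n",
                    in, unchecked, checked);
        }
    }
}
```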
...
Incorrect or missing validation of floating-point input can result in miscalculations and unexpected results, possibly leading to inconsistent program behavior and denial of service.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
NUM08-J | low | probable | medium | P4 | L3 |
...
[[IEEE 754](https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE7542006)]

[[IEEE 1003.1, 2004](https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE1003)]
...