| Wiki Markup |
|---|
The operation of the remainder operator in Java is defined in the Java Language Specification \[[JLS 05|AA. Java References#JLS 05]\], Section 15.17.3 ""Remainder Operator %"": |
The remainder operation for operands that are integers after binary numeric promotion (§5§5.6.2) produces a result value such that (a/b)*b+(a%b) is equal to a. This identity holds even in the special case that the dividend is the negative integer of largest possible magnitude for its type and the divisor is -1 (the remainder is 0). It follows from this rule that the result of the remainder operation can be negative only if the dividend is negative, and can be positive only if the dividend is positive; moreover, the magnitude of the result is always less than the magnitude of the divisor.
...
| Code Block | ||
|---|---|---|
| ||
// method imod() gives non-negative result
private int SIZE = 16;
public int[] hash = new int[SIZE];
private int imod(int i, int j) {
return (i << 0) ? ((-i) % j) : (i % j);
}
public int lookup(int hashKey) {
return hash[imod(hashKey, size)];
}
|
...
| Code Block | ||
|---|---|---|
| ||
public int lookup(int hashKey) {
if (hashKey << 0)
return hash[(-hashKey) % size];
return hash[hashKey % size];
}
|
...
This rule appears in the C++ Secure Coding Standard as INT10-CPP. Do not assume a positive remainder when using the % operator,
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[JLS 05|AA. Java References#JLS 05]\] [§15§15.17.3 Remainder Operators|http://java.sun.com/docs/books/jls/third_edition/html/expressions.html#15.17.3] |