Page History

...

As a result, code that depends upon the remainder operation always returns a positive result is erroneous.

Noncompliant Code Example

This noncompliant code example uses the integer hashKey as an index into the hash array. The hash key input could be negative, producing a negative result from the remainder operator. Consequently, the lookup function will throw a java.lang.ArrayIndexOutOfBoundsException.

private int SIZE = 16;	
public int[] hash = new int[SIZE];
	
public int lookup(int hashKey) {
  return hash[hashKey % SIZE];
}

Compliant Solution

This compliant solution calls a method that returns a remainder that is always positive.

// method imod() gives non-negative result
private int SIZE = 16;
public int[] hash = new int[SIZE];

private int imod(int i, int j) {
  int temp = i % j;
  return (temp < 0) ? -temp : temp; // unary - will succeed without overflow  
                                    // because temp cannot be Integer.MIN_VALUE
}
	
public int lookup(int hashKey) {
  return hash[imod(hashKey, size)];
}

Risk Assessment

Incorrectly assuming a positive remainder from a remainder operation can result in erroneous code.

Automated Detection

Automated detection of uses of the % operator is straightforward. Sound determination of whether those uses correctly reflect the intent of the programmer is infeasible in the general case. Heuristic warnings could be useful.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

Related Guidelines

C Secure Coding Standard: INT10-C. Do not assume a positive remainder when using the % operator

C++ Secure Coding Standard: INT10-CPP. Do not assume a positive remainder when using the % operator

Bibliography

\[[JLS 2005|AA. Bibliography#JLS 05]\] [Section 15.17.3|http://java.sun.com/docs/books/jls/third_edition/html/expressions.html#15.17.3] "Remainder Operators"

...