...
The method AbsAdd() computes and returns the sum of the absolute values of parameters x and y. It lacks parameter validation, in violation of MET01-J. Validate method parameters. Consequently, it can produce incorrect results either because of integer overflow or when either or both of its arguments are Math.abs(Integer.MIN_VALUE).
...
```java
public static int AbsAdd(int x, int y) {
  // Math.abs(Integer.MIN_VALUE) is still negative, so reject it up front
  assert x != Integer.MIN_VALUE;
  assert y != Integer.MIN_VALUE;
  int absX = Math.abs(x);
  int absY = Math.abs(y);
  // Guard against overflow of absX + absY
  assert (absX <= Integer.MAX_VALUE - absY);
  return absX + absY;
}
```
The conditions checked by the assertions are reasonable. However, the validation code is omitted when executing with assertions turned off.
...
```java
public static int AbsAdd(int x, int y) {
  // Math.abs(Integer.MIN_VALUE) is still negative, so reject it up front
  if (x == Integer.MIN_VALUE || y == Integer.MIN_VALUE) {
    throw new IllegalArgumentException();
  }
  int absX = Math.abs(x);
  int absY = Math.abs(y);
  // Guard against overflow of absX + absY
  if (absX > Integer.MAX_VALUE - absY) {
    throw new IllegalArgumentException();
  }
  return absX + absY;
}
```
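The following harness is an added example, not code from the original page. It runs the assertion-based and the explicit-check variants side by side on the same inputs so the difference between a JVM started with and without assertions is visible. The class name AbsAddDemo, the method names absAddAsserted and absAddChecked, the helper outcome, and the sample inputs are assumptions made for this illustration.

```java
import java.util.function.IntBinaryOperator;

// Added illustration: all names in this class are hypothetical.
public class AbsAddDemo {

    // Assertion-based validation: these checks run only when the JVM is started with -ea.
    static int absAddAsserted(int x, int y) {
        assert x != Integer.MIN_VALUE;
        assert y != Integer.MIN_VALUE;
        int absX = Math.abs(x);
        int absY = Math.abs(y);
        assert absX <= Integer.MAX_VALUE - absY;
        return absX + absY;
    }

    // Explicit validation: enforced regardless of JVM flags.
    static int absAddChecked(int x, int y) {
        if (x == Integer.MIN_VALUE || y == Integer.MIN_VALUE) {
            throw new IllegalArgumentException();
        }
        int absX = Math.abs(x);
        int absY = Math.abs(y);
        if (absX > Integer.MAX_VALUE - absY) {
            throw new IllegalArgumentException();
        }
        return absX + absY;
    }

    // Returns the computed value, or the name of the rejection that was raised.
    static String outcome(IntBinaryOperator f, int x, int y) {
        try {
            return String.valueOf(f.applyAsInt(x, y));
        } catch (IllegalArgumentException | AssertionError e) {
            return e.getClass().getSimpleName();
        }
    }

    public static void main(String[] args) {
        System.out.println("assertions enabled: "
                + AbsAddDemo.class.desiredAssertionStatus());
        // Constructed inputs: a normal case, a MIN_VALUE argument, an overflowing sum.
        int[][] inputs = { {3, -4}, {Integer.MIN_VALUE, 1}, {Integer.MAX_VALUE, 1} };
        for (int[] in : inputs) {
            System.out.printf("x=%d y=%d asserted=%s checked=%s%n", in[0], in[1],
                    outcome(AbsAddDemo::absAddAsserted, in[0], in[1]),
                    outcome(AbsAddDemo::absAddChecked, in[0], in[1]));
        }
    }
}
```

Run it once as `java AbsAddDemo` and once as `java -ea AbsAddDemo`: only the second run makes the asserted variant reject the last two inputs, while the checked variant rejects them in both runs.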
Risk Assessment
Failure to validate method parameters can result in inconsistent computations, runtime exceptions, and control flow vulnerabilities.
...