The operation of the remainder operator in Java is defined in the Java Language Specification, Second Edition [[JLS 05]], Section 15.17.3, paragraph 3:
The remainder operation for operands that are integers after binary numeric promotion (§5.6.2) produces a result value such that (a/b)*b+(a%b) is equal to a. This identity holds even in the special case that the dividend is the negative integer of largest possible magnitude for its type and the divisor is -1 (the remainder is 0). It follows from this rule that the result of the remainder operation can be negative only if the dividend is negative, and can be positive only if the dividend is positive; moreover, the magnitude of the result is always less than the magnitude of the divisor.
...
In this noncompliant example, the integer hash references an element of the hash table. However, since the hash is not guaranteed to be positive, the lookup function may fail, producing a java.lang.ArrayIndexOutOfBoundsException on all negative inputs.
```java
private int size = 16;
public int[] hashTable = new int[size];

public int lookup(int hash) {
  // Noncompliant: hash % size is negative when hash is negative
  return hashTable[hash % size];
}
```
Compliant Solution
One compliant implementation is to call a function that returns a true (always positive) modulus.

```java
private int size = 16;
public int[] hashTable = new int[size];

/* modulo function giving non-negative result */
private int imod(int i, int j) {
  // Take the remainder first, then its magnitude: |i % j| < |j|, so this
  // cannot overflow, whereas -i overflows when i is Integer.MIN_VALUE.
  return Math.abs(i % j);
}

public int lookup(int hash) {
  return hashTable[imod(hash, size)];
}
```
Alternatively, an explicit range check must be performed on the numerator at every susceptible point.

```java
private int size = 16;
public int[] hashTable = new int[size];

public int lookup(int hash) {
  if (hash < 0) {
    // Negate the remainder, not hash itself: -hash overflows for Integer.MIN_VALUE
    return hashTable[-(hash % size)];
  }
  return hashTable[hash % size];
}
```
Note that providing a well-documented imod method is a better choice, as it improves readability and makes it clear that its sole purpose is to return positive values when required and not to "fix" the unintuitive behavior of the remainder operator, as defined by the specification.
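The following is an added example, not code from the original page. It checks the JLS identity quoted above on boundary values and compares four ways of turning a hash into an index. The class name, the helpers `negateFirst`, `absRemainder` and `check`, the table size of 10 and the sample hashes are assumptions made for illustration; `Math.floorMod` is a standard-library method (Java 8 and later) that the page does not mention.

```java
public class RemainderIndexDemo {
    // Constructed table size: 10 rather than the page's 16, so that the
    // Integer.MIN_VALUE row below has a non-zero remainder.
    static final int SIZE = 10;

    // Hypothetical variant that negates the dividend first. It overflows for
    // Integer.MIN_VALUE, because -Integer.MIN_VALUE == Integer.MIN_VALUE.
    static int negateFirst(int i, int j) {
        return (i < 0) ? ((-i) % j) : (i % j);
    }

    // Magnitude of the remainder. Safe for every int: |i % j| < |j|.
    static int absRemainder(int i, int j) {
        return Math.abs(i % j);
    }

    // Labels an index as usable or not for a table of SIZE elements.
    static String check(int idx) {
        return (idx >= 0 && idx < SIZE) ? idx + " ok" : idx + " OUT OF BOUNDS";
    }

    public static void main(String[] args) {
        // Constructed sample hashes, including both int boundary values.
        int[] hashes = { 23, -23, -1, Integer.MAX_VALUE, Integer.MIN_VALUE };
        String fmt = "%-12s %-18s %-18s %-18s %-18s%n";
        System.out.printf(fmt, "hash", "hash % SIZE", "negateFirst",
                "absRemainder", "Math.floorMod");
        for (int h : hashes) {
            int raw = h % SIZE;
            // JLS identity quoted above: (a/b)*b + (a%b) == a
            if ((h / SIZE) * SIZE + raw != h) {
                throw new AssertionError("identity violated for " + h);
            }
            System.out.printf(fmt, h, check(raw), check(negateFirst(h, SIZE)),
                    check(absRemainder(h, SIZE)), check(Math.floorMod(h, SIZE)));
        }
        // Special case from the JLS text: the largest-magnitude negative
        // dividend with a divisor of -1.
        int special = Integer.MIN_VALUE % -1;
        System.out.println("Integer.MIN_VALUE % -1 = " + special);
    }
}
```

`absRemainder` and `Math.floorMod` both stay in range for every input but map negative hashes to different slots, so a table must use one of them consistently.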
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
INT02-J | low | unlikely | high | P1 | L3 |
Automated Detection
TODO
Other Languages
This rule appears in the C Secure Coding Standard as INT10-C. Do not assume a positive remainder when using the % operator, and INT10-CPP. Do not assume a positive remainder when using the % operator.
...