SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version 51

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

NaN values are particularly problematic because they are unordered. That is, the expression NaN == NaN always returns false. (See rule "NUM07-J. Do not attempt comparisons with NaN.")

Noncompliant Code Example

This noncompliant code example accepts user data without validating it.

...

In this noncompliant example, entering NaN for val would cause currentBalance to be set to NaN, corrupting its value. If this value were used in other expressions, every resulting value would also become NaN, possibly corrupting important data.

Compliant Solution

This compliant solution validates the floating-point input before using it. The value is tested to ensure that it is neither infinity, -infinity, nor NaN.

Code Block
bgColor#ccccff
double currentBalance; // User's cash balance

void doDeposit(String s){
  double val;
  try {
    val = Double.valueOf(userInput);
  }
  catch(NumberFormatException e) {
    // Handle input format error
  }

  if (Double.isInfinite(val)){
    // Handle infinity error
  }

  if (Double.isNaN(val)) {
    // Handle NaN error
  }

  if (val >= Double.MAX_VALUE - currentBalance) {
    // Handle range error
  }
  currentBalance += val;
}

Exceptions

FLP11-EX1: Occasionally, NaN or infinity may be acceptable as expected inputs to a program. In such cases, explicit checks might not be necessary. However, such programs must be prepared to handle these exceptional values gracefully and should prevent propagation of the exceptional values to other code that fails to handle exceptional values. The choice to permit input of exceptional values during ordinary operation should be explicitly documented.

Risk Assessment

Incorrect or missing validation of floating-point input can result in miscalculations and unexpected results, possibly leading to inconsistent program behavior and denial of service (DoS).

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

NUM11-J

low

probable

medium

P4

L3

Automated Detection

Automated detection is infeasible in the general case. It could be possible to develop a taint-like analysis that detects many interesting cases.

Related Vulnerabilities

HARMONY-6242, HARMONY-6268

Related Guidelines

C Secure Coding Standard

"FLP04-C. Check floating point inputs for exceptional values"

C++ Secure Coding Standard

"FLP04-CPP. Check floating point inputs for exceptional values"

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2d05b8b68119965e-3f1e8a9a-40114002-aa28ab41-ba2d412d4988182aacd46c2b"><ac:plain-text-body><![CDATA[

[[IEEE 754

https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE7542006

IEEE 754]]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d230d230b7a5751f-9e34212c-4e364b81-86688897-7d5d4f00dbc4f07448c13c45"><ac:plain-text-body><![CDATA[

[[IEEE 1003.1, 2004

https://www.securecoding.cert.org/confluence/display/seccode/AA.+C+References#AA.CReferences-IEEE1003

IEEE 1003.1, 2004]]

]]></ac:plain-text-body></ac:structured-macro>

...