...
```java
for (i = 1; i != Integer.MAX_VALUE; i++) {
  // ...
}
```
...
This noncompliant code example initializes the loop counter i to 0 and then increments it by 2 on each iteration, basically enumerating all the even, positive values. The loop is expected to terminate when i is greater than Integer.MAX_VALUE - 1, an even value. In this case, the loop fails to terminate because the counter wraps around before becoming greater than Integer.MAX_VALUE - 1.
```java
for (i = 0; i <= Integer.MAX_VALUE - 1; i += 2) {
  // ...
}
```
Compliant Solution
This compliant solution uses Integer.MAX_VALUE minus the step value as the loop-terminating bound: the loop terminates when the counter i is greater than that bound.
...
Incorrect termination of loops may result in infinite loops, poor performance, incorrect results, and other problems. If any of the conditions used to terminate a loop can be influenced by an attacker, these errors can be exploited to cause a denial of service or other attack.
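The following added example (not code from the original page) runs the noncompliant bound `Integer.MAX_VALUE - 1` and the compliant bound `Integer.MAX_VALUE - step` side by side, starting close to the limit so the wrap is observable. The class name, method names, the `MAX_ITERATIONS` cap and the step validation are assumptions made for this illustration; it generalizes the page's step of 2 to any positive step.

```java
public class LoopCounterWrapDemo {
    // Demo-only cap so the noncompliant loop cannot spin forever (assumed value).
    static final int MAX_ITERATIONS = 10;

    // Noncompliant bound from the example above: i <= Integer.MAX_VALUE - 1.
    // Returns true if the counter wrapped past Integer.MAX_VALUE.
    static boolean noncompliantWraps(int start, int step) {
        int iterations = 0;
        for (int i = start; i <= Integer.MAX_VALUE - 1; i += step) {
            if (i < start) {
                return true; // i += step overflowed, so i fell below start
            }
            if (++iterations >= MAX_ITERATIONS) {
                break;
            }
        }
        return false;
    }

    // Compliant bound: stop once i is greater than Integer.MAX_VALUE - step,
    // so i += step can never overflow. The step is validated because an
    // untrusted zero or negative step would defeat the bound.
    static int compliantIterations(int start, int step) {
        if (step <= 0) {
            throw new IllegalArgumentException("step must be positive");
        }
        int iterations = 0;
        for (int i = start; i <= Integer.MAX_VALUE - step; i += step) {
            iterations++;
        }
        return iterations;
    }

    public static void main(String[] args) {
        int start = Integer.MAX_VALUE - 7; // even value close to the limit
        System.out.println("noncompliant wrapped: " + noncompliantWraps(start, 2));
        System.out.println("compliant iterations: " + compliantIterations(start, 2));
        try {
            compliantIterations(start, 0); // e.g. a step taken from untrusted input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected step: " + e.getMessage());
        }
    }
}
```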
Automated Detection
Bibliography
...