Division and modulo operations are susceptible to divide-by-zero errors.

Division

The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1 (see INT32-C. Ensure that operations on signed integers do not result in overflow).

Noncompliant Code Example

This code can result in a divide-by-zero error during the division of the signed operands sl1 and sl2.

signed long sl1, sl2, result;

result = sl1 / sl2;

Compliant Solution

This compliant solution tests the suspect division operation to guarantee there is no possibility of divide-by-zero errors or signed overflow.

#include <limits.h>

signed long sl1, sl2, result;

if ( (sl2 == 0) || ( (sl1 == LONG_MIN) && (sl2 == -1) ) ) {
  /* handle error condition */
}
else {
  /* divisor is nonzero and the quotient is representable */
  result = sl1 / sl2;
}

Modulo

The modulo operator provides the remainder when two operands of integer type are divided.

Noncompliant Code Example

This code can result in a divide-by-zero error during the modulo operation on the signed operands sl1 and sl2.

signed long sl1, sl2, result;

result = sl1 % sl2;

Compliant Solution

This compliant solution tests the suspect modulo operation to guarantee there is no possibility of a divide-by-zero error or an overflow error.

#include <limits.h>

signed long sl1, sl2, result;

if ( (sl2 == 0) || ( (sl1 == LONG_MIN) && (sl2 == -1) ) ) {
  /* handle error condition */
}
else {
  /* divisor is nonzero and the operation cannot overflow */
  result = sl1 % sl2;
}
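
The division and modulo checks from the two compliant solutions, combined into one helper and applied to operands that arrive as text, as an added example that is not part of the original page. The names `checked_divmod`, `parse_long`, `divide_text` and the `div_status` codes are hypothetical, and the sample inputs are constructed.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example. */
enum div_status { DIV_OK = 0, DIV_BY_ZERO, DIV_OVERFLOW, DIV_BAD_INPUT };

/* Writes quotient and remainder only when both are well defined. */
enum div_status checked_divmod(long num, long den, long *quot, long *rem) {
  if (den == 0) return DIV_BY_ZERO;
  if (num == LONG_MIN && den == -1) return DIV_OVERFLOW; /* -LONG_MIN not representable */
  *quot = num / den;
  *rem = num % den;
  return DIV_OK;
}

/* Parses a decimal long; rejects empty input, trailing junk and out-of-range values. */
static int parse_long(const char *s, long *out) {
  char *end;
  errno = 0;
  long v = strtol(s, &end, 10);
  if (end == s || *end != '\0' || errno == ERANGE) return -1;
  *out = v;
  return 0;
}

/* Divides two operands given as text, as they might arrive from a file or a request. */
enum div_status divide_text(const char *a, const char *b, long *quot, long *rem) {
  long num, den;
  if (parse_long(a, &num) != 0 || parse_long(b, &den) != 0) {
    return DIV_BAD_INPUT;
  }
  return checked_divmod(num, den, quot, rem);
}

int main(void) {
  long q, r;
  /* Constructed sample inputs. */
  if (divide_text("17", "5", &q, &r) == DIV_OK) {
    printf("17 / 5 = %ld remainder %ld\n", q, r);
  }
  printf("17 / 0 status: %d\n", divide_text("17", "0", &q, &r));
  return 0;
}
```

Because the result is delivered through output parameters and a status code, a caller that ignores the error path never reaches the `/` or `%` operator with unsafe operands.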

Risk Assessment

A divide by zero can result in abnormal program termination and denial of service.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| INT33-C | low | likely | medium | P6 | L2 |

Automated Detection

Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this rule.

Compass/ROSE can detect some violations of this rule. In particular, it ensures that all operations involving division or modulo are preceded by a check ensuring that the second operand is non-zero.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


