SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 39 Next »

Division and modulo operations are susceptible to divide-by-zero errors. Consequently, the divisor in a division or modulo operation must be checked for zero prior to the operation.

Noncompliant Code Example (Division)

The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to —1. See rule NUM00-J. Detect or prevent integer overflow for more information. This noncompliant code example can result in a divide-by-zero error during the division of the signed operands num1 and num2.

This code can result in a divide-by-zero error during the division of the signed operands num1 and num2.

long num1, num2, result;

/* Initialize num1 and num2 */

result = num1 / num2;

Compliant Solution (Division)

This compliant solution tests the divisor to guarantee there is no possibility of divide-by-zero errors.

long num1, num2, result;

/* Initialize num1 and num2 */

if (num2 == 0) {
  // handle error
} else {
  result = num1 / num2;
}

Noncompliant Code Example (Modulo)

The % operator provides the remainder when two operands of integer type are divided. This noncompliant code example can result in a divide-by-zero error during the remainder operation on the signed operands num1 and num2.

long num1, num2, result;

/* Initialize num1 and num2 */

result = num1 % num2;

Compliant Solution (Modulo)

This compliant solution tests the divisor to guarantee there is no possibility of a divide-by-zero error.

long num1, num2, result;

/* Initialize num1 and num2 */

if (num2 == 0) {
  // handle error
} else {
  result = num1 % num2;
}

Risk Assessment

A division or modulo by zero can result in abnormal program termination and denial of service (DoS).

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

NUM02-J

low

likely

medium

P6

L2

Automated Detection

Automated detection exists for C and C++ but not for Java yet.

Related Guidelines

CERT C Secure Coding Standard

INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors

CERT C++ Secure Coding Standard

INT33-CPP. Ensure that division and modulo operations do not result in divide-by-zero errors

MITRE CWE

CWE-369. Divide by zero

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="493b7c84-cc77-43a7-8c6e-1194e693710c"><ac:plain-text-body><![CDATA[

[[ISO/IEC 9899:1999

AA. References#ISO/IEC 9899-1999]]

Section 6.5.5, Multiplicative Operators

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d7bcc9ec-4f65-49f4-b2a0-b2e742f0473d"><ac:plain-text-body><![CDATA[

[[Seacord 05

AA. References#Seacord 05]]

Chapter 5, Integers

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d710df91-f249-4088-bb4e-43b70dfb523e"><ac:plain-text-body><![CDATA[

[[Warren 02

AA. References#Warren 02]]

Chapter 2, Basics

]]></ac:plain-text-body></ac:structured-macro>

      03. Numeric Types and Operations (NUM)      

  • No labels