You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 34 Next »

Division and modulo operations are susceptible to divide-by-zero errors.

Division

The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to -1 (see INT32-C. Ensure that operations on signed integers do not result in overflow).

Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.

Modulo

The modulo operator provides the remainder when two operands of integer type are divided.

Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.

Risk Assessment

A divide by zero can result in abnormal program termination and denial of service.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

INT33-C

1 (low)

2 (probable)

2 (medium)

P4

L3

Automated Detection

Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this rule.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899-1999]] Section 6.5.5, "Multiplicative operators"
[[Seacord 05]] Chapter 5, "Integers"
[[Warren 02]] Chapter 2, "Basics"


      04. Integers (INT)       INT34-C. Arguments to character handling functions must be representable as an unsigned char

  • No labels