Divide By Zero |
Weakness ID: 369 (Weakness Base) | Status: Draft |
Description Summary
Extended Description
This weakness typically occurs when an unexpected value is provided to the product, or if an error occurs that is not properly detected. It frequently occurs in calculations involving physical dimensions such as size, length, width, and height.
Example 1
The following Java example contains a function to compute an average but does not validate that the input value used as the denominator is not zero. This will create an exception for attempting to divide by zero. If this error is not handled by Java exception handling, unexpected results can occur.
By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. The following Java code example will validate the input value, output an error message, and throw an exception.
Example 2
The following C/C++ example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.
By validating the input value used as the denominator the following code will ensure that a divide by zero error will not cause unexpected results. If the method is called and a zero is passed as the second argument a DivideByZero error will be thrown and should be caught by the calling block with an output message indicating the error.
Example 2 References:
Example 3
The following C# example contains a function that divides two numeric values without verifying that the input value used as the denominator is not zero. This will create an error for attempting to divide by zero, if this error is not caught by the error handling capabilities of the language, unexpected results can occur.
The method can be modified to raise, catch and handle the DivideByZeroException if the input value used as the denominator is zero.
Example 3 References:
Microsoft Corporation. <http://msdn.microsoft.com/en-us/library/ms173160(VS.80).aspx>. |
Reference | Description |
---|---|
CVE-2007-3268 | Invalid size value leads to divide by zero. |
CVE-2007-2723 | "Empty" content triggers divide by zero. |
CVE-2007-2237 | Height value of 0 triggers divide by zero. |
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Weakness Class | 682 | Incorrect Calculation | Development Concepts (primary)699 Research Concepts (primary)1000 |
ChildOf | Category | 730 | OWASP Top Ten 2004 Category A9 - Denial of Service | Weaknesses in OWASP Top Ten (2004) (primary)711 |
ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734 |
ChildOf | Category | 739 | CERT C Secure Coding Section 05 - Floating Point (FLP) | Weaknesses Addressed by the CERT C Secure Coding Standard734 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
OWASP Top Ten 2004 | A9 | CWE More Specific | Denial of Service |
CERT C Secure Coding | FLP03-C | Detect and handle floating point errors | |
CERT C Secure Coding | INT33-C | Ensure that division and modulo operations do not result in divide-by-zero errors |
Modifications | ||||
---|---|---|---|---|
Modification Date | Modifier | Organization | Source | |
2008-07-01 | Sean Eidemiller | Cigital | External | |
added/updated demonstrative examples | ||||
2008-07-01 | Eric Dalci | Cigital | External | |
updated Time of Introduction | ||||
2008-09-08 | CWE Content Team | MITRE | Internal | |
updated Common Consequences, Description, Relationships, Other Notes, Taxonomy Mappings | ||||
2008-11-24 | CWE Content Team | MITRE | Internal | |
updated Relationships, Taxonomy Mappings | ||||
2009-05-27 | CWE Content Team | MITRE | Internal | |
updated Demonstrative Examples | ||||
2009-10-29 | CWE Content Team | MITRE | Internal | |
updated Other Notes |