CS.DBZ.GENERAL

Assigned zero constant value might be used in a division by zero

An attempt to do a division or modulo operation using zero as the divisor causes a runtime error. Division by zero defects often occur due to ineffective error handling or race conditions, and typically cause abnormal program termination. Before a value is used as the divisor of a division or modulo operation in C# code, it must be checked to confirm that it is not equal to zero.

The DBZ checkers look for instances in which a zero constant value is used as the divisor of a division or modulo operation.

The CS.DBZ.GENERAL checker flags situations in which a variable that has been assigned a zero constant value locally, or as the result of a function call, might subsequently be used explicitly or passed to a function that might use it as a divisor of a division or modulo operation, without checking it for the zero value.

Vulnerability and risk

Integer division by zero usually results in the failure of the process or an exception. It can also result in the success of the operation, but gives an erroneous answer.

Mitigation and prevention

Division by zero issues typically occur due to ineffective exception handling. To avoid this vulnerability, check for a zero value before using it as the divisor of a division or modulo operation.

Vulnerable code example

1   namespace DBZ
2   {
3       class Program
4       {
5           static int Test1(int[] array, int size)
6           {
7               int sum = 0;
8               for (int i = 0; i < 3; ++i)
9               {
10                  sum += array[i];
11              }
12              return sum / size;
13          }
14          static void Main(string[] args)
15          {
16              int size = 0;
17              int[] arr = { 2, 3, 4 };
18              int mean = Test1(arr, size);
19         }
20      }
21  }

Klocwork produces an issue report at line 18 indicating that 'size' might be used in a division by zero.

Fixed code example

1   namespace DBZ
2   {
3       class Program
4       {
5           static int Test1(int[] array, int size)
6           {
7               if(size ==0)
8               {
9                   return 0;
10              }
11              int sum = 0;
12              for (int i = 0; i < 3; ++i)
13              {
14                  sum += array[i];
15              }
16              return sum / size;
17          }
18          static void Main(string[] args)
19          {
20              int size = 0;
21              int[] arr = { 2, 3, 4 };
22              int mean = Test1(arr, size);
23         }
24      }
25  }

The issue from the vulnerable code example is fixed. The input variable 'size' is checked for a zero constant value in line 7 and prevents the division operation from occurring if the value is zero.

External guidance

Security training

Application security training materials provided by Secure Code Warrior.