Possible loss of fraction when dividing integral values and assigning result to a floating point entity.

Vulnerability and risk

When two integral values are divided, the result is also truncated to an integral value (the fractional part is lost). When that result is then assigned to a floating point variable, the intent was most probably to obtain a real number without losing the fraction; the conversion to floating point happens only after the truncating integer division has already been performed.

Example 1

  class Foo {
    float Devider(long a, int b) {
      decimal d;
      float f = a / b; // defect - integer division, then widened to float
      d = a / b;       // defect - integer division, then converted to decimal
      f = b % 2;       // defect - integral remainder assigned to float
      f = a / f;       // OK - one operand is not integral
      return f;
    }
  }

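The following is an added example, not code from the original page: it places the flagged pattern beside the corrected form, using a constructed failure-ratio threshold so the practical effect of the truncation is visible. Method names and sample values are assumptions chosen for the illustration.

```csharp
using System;

// Added example (not part of the original checker page): the truncating
// division pattern the rule flags, beside the corrected form.
// Scenario (constructed): alert when more than 10% of requests failed.
static class FractionLoss
{
    // Defect: 'failed' and 'total' are integral, so failed / total is
    // evaluated as a long and truncated before the widening to float.
    // For any failed < total the ratio is therefore 0, and the threshold
    // below can never trip until every request has failed.
    static float FailureRatioTruncated(long failed, int total)
    {
        float ratio = failed / total; // flagged: loss of fraction
        return ratio;
    }

    // Fix: convert one operand first so the division itself is done in
    // floating point.
    static float FailureRatioExact(long failed, int total)
    {
        float ratio = (float)failed / total;
        return ratio;
    }

    // Same issue with decimal. Casting the already-truncated quotient
    // does not recover the fraction; the cast must precede the division.
    static decimal AverageWrong(long sum, int count) => (decimal)(sum / count);
    static decimal AverageRight(long sum, int count) => (decimal)sum / count;

    static bool OverThreshold(float ratio) => ratio > 0.10f;

    static void Main()
    {
        // Constructed sample: 3 failures out of 20 requests (15%).
        Console.WriteLine(OverThreshold(FailureRatioTruncated(3, 20)));
        Console.WriteLine(OverThreshold(FailureRatioExact(3, 20)));
        Console.WriteLine(AverageWrong(7, 2));
        Console.WriteLine(AverageRight(7, 2));
    }
}
```

Only the second threshold check reports the 15% failure rate; the truncated version silently reports a ratio of zero.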
Security training

Application security training materials provided by Secure Code Warrior.