Zero constant value is used directly as a divisor in a division or modulo operation
An attempt to do a division or modulo operation using zero as the divisor causes a runtime error. Division by zero defects often occur due to ineffective error handling or race conditions, and typically cause abnormal program termination. Before a value is used as the divisor of a division or modulo operation in C/C++ code, it must be checked to confirm that it is not equal to zero.
The DBZ checkers look for instances in which a zero constant value is used as the divisor of a division or modulo operation.
The DBZ.CONST checker flags situations in which a zero constant value is used explicitly as a divisor of a division or modulo operation.
Vulnerability and risk
Integer division by zero usually result in the failure of the process or an exception. It can also result in success of the operation, but gives an erroneous answer. Floating-point division by zero is more subtle. It depends on the implementation of the compiler. If the compiler is following the IEEE floating-point standard (IEEE 754), then the result of the floating-point division by zero has a well-defined result. However, the C and C++ standards do not enforce compliance to IEEE 754. Thus, floating-point division by zero has an undefined behavior in C and C++ and might result in the failure of the process or an exception.
Division by zero issues typically occur due to ineffective exception handling. To avoid this vulnerability, do not use a zero value as the divisor of a division or modulo operation.
Vulnerable code example
int size = 10;
return size / 0;
Klocwork produces an issue report at line 4 indicating that the zero constant value is used as the divisor of the division operation on line 4. A division by zero can produce unexpected and unintended results.
This code can be fixed by removing the division by zero.
Application security training materials provided by Secure Code Warrior.