DBZ.ITERATOR.CALL

Division by zero might occur in a function call

An attempt to do a division or modulo operation using zero as the divisor causes a runtime error. Division by zero defects often occur due to ineffective error handling or race conditions, and typically cause abnormal program termination. Before a value is used as the divisor of a division or modulo operation in C/C++ code, it must be checked to confirm that it is not equal to zero.

The DBZ checkers look for instances in which a zero constant value is used as the divisor of a division or modulo operation.

The DBZ.ITERATOR.CALL checker flags situations in which a loop iterator might be used in a division by zero operation in a call to a function.

Vulnerability and risk

Division by zero is usually carefully avoided to prevent a program crash. If a function divides by a value that the caller provides, the caller of the function can cause a division by zero condition. This is especially true when the divisor is determined by a loop, because it is more difficult to calculate or to know what values to expect.

Mitigation and prevention

Division by zero issues typically occur due to ineffective exception handling. To avoid this vulnerability, check for a zero value before using it as the divisor of a division or modulo operation.

The range of the divisor must be calculated and set to avoid a zero condition both within the function and from the function caller.

Vulnerable code example 1

int foo(int a, int b)
{
    int x = 0;
    for (int i = a; i < b; i++) {
        x += 100/i;
    }
    return x;
}
void bar()
{
    int a = -3;
    int b = 2;
    foo(a, b);    // DBZ.ITERATOR.CALL
}

In the function 'foo', the for loop condition is decided by the parameters 'a' and 'b'. The 'bar' function calls the 'foo' function with the parameters -3 and 2, and that range includes 0. Klocwork reports a DBZ.ITERATOR.CALL issue on line 13.

Fixed code example 1

int foo(int a, int b)
{
    int x = 0;
    for (int i = a; i < b; i++) {
        x += 100/i;
    }
    return x;
}
void bar()
{
    int a = -3;
    int b = 0;
    foo(a, b);    // NO DBZ.ITERATOR.CALL
}

Setting the variable 'b' in function 'bar' to 0 means that the loop iterator no longer reaches 0.

Vulnerable code example 2

int foo(int a, int b)
{
    int x = 0;
    for (int i = a; i >= b; i--) {
        x += 100/i;
    }
    return x;
}
void bar()
{
    foo(3, 0);    // DBZ.ITERATOR.CALL
}

As in example 1, the function 'foo' contains a for loop, but in this case the loop condition includes 0 as its minimum value. Therefore, calling 'foo' with the parameter 0 triggers a DBZ.ITERATOR.CALL issue on line 11.

Fixed code example 2

int foo(int a, int b)
{
    int x = 0;
    for (int i = a; i >= b; i--) {
        x += 100/i;
    }
    return x;
}
void bar()
{
    foo(3, 1);    // NO DBZ.ITERATOR.CALL
}

In this fixed example, the caller uses parameters 3 and 1 and therefore avoids a 0 condition in the loop.
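
Both fixed examples change only the caller, while the mitigation section also asks for the divisor range to be checked within the function. The following C code is an added example, not part of the original Klocwork documentation, that performs that range check inside both loop variants; the names foo_checked, foo_desc_checked and bar_checked are hypothetical, and returning -1 for a rejected range is an assumed error convention.

```c
#include <limits.h>
#include <stddef.h>

/* Ascending loop of example 1: i takes the values a, a+1, ..., b-1.
 * Rejects the call when that range contains 0 instead of dividing by it.
 * Returns 0 and stores the sum in *out, or -1 (assumed convention) on reject. */
int foo_checked(int a, int b, int *out)
{
    if (out == NULL)
        return -1;
    if (a <= 0 && 0 < b)          /* 0 lies in [a, b) */
        return -1;

    int x = 0;
    for (int i = a; i < b; i++)
        x += 100 / i;             /* i != 0 is guaranteed by the check above */
    *out = x;
    return 0;
}

/* Descending loop of example 2: i takes the values a, a-1, ..., b. */
int foo_desc_checked(int a, int b, int *out)
{
    if (out == NULL)
        return -1;
    if (b <= 0 && 0 <= a)         /* 0 lies in [b, a] */
        return -1;
    if (b == INT_MIN)             /* i >= INT_MIN never fails; i-- would overflow */
        return -1;

    int x = 0;
    for (int i = a; i >= b; i--)
        x += 100 / i;
    *out = x;
    return 0;
}

/* Caller side: act on the status instead of assuming the range is safe. */
int bar_checked(void)
{
    int result = 0;
    if (foo_checked(-3, 2, &result) != 0)
        return -1;                /* range -3..1 includes 0: rejected */
    return result;
}
```

An empty range (for example a = 5, b = 2 in the ascending variant) is accepted and yields a sum of 0, because the loop body never runs.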

Security training

Application security training materials provided by Secure Code Warrior.

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.