RS.DBZ.CONST.CALL

Zero constant value is passed to a function and might be used in a division by zero

An attempt to do a division or modulo operation using zero as the divisor causes a runtime error. Division by zero defects often occur due to ineffective error handling or race conditions, and typically cause abnormal program termination. Before a value is used as the divisor of a division or modulo operation in Rust code, it must be checked to confirm that it is not equal to zero.

The RS.DBZ checkers look for instances in which a zero constant value is used as the divisor of a division or modulo operation.

The RS.DBZ.CONST.CALL checker flags situations in which an explicit zero constant value is passed directly to a function call and might be used as a divisor of a division or modulo operation without checking it for the zero value.

Vulnerability and risk

Integer division by zero usually result in the failure of the process or an exception. It can also result in success of the operation, but gives an erroneous answer. Floating-point division by zero is more subtle. It depends on the implementation of the compiler.

Division by zero issues typically occur due to ineffective exception handling. To avoid this vulnerability, check for a zero value before using it as the divisor of a division or modulo operation.

Vulnerable code example

fn divide(a: i32, b: i32) -> i32 {
    a / b
}

fn main() {
    let x = 0;
    let _y = divide(1, x); // RS.DBZ.CONST.CALL
}

Fixed code example

fn divide(a: i32, b: i32) -> i32 {
    if (b == 0) {
        println!("Cannot divide by zero!");
        return 0; // Return a default value or handle as needed
    }
    a / b
}

fn main() {
    let x = 0;
    let _y = divide(1, x); //@no RS.DBZ.CONST.CALL
}

Related checkers

• RS.DBZ.GENERAL
• RS.DBZ.ITERATOR

External guidance

• CWE-369: Divide By Zero