SEC-DIV-0-compare-after
Synopsis
After a successful comparison with 0, a variable is used as a divisor.
Enabled by default
Yes
Severity/Certainty
Medium/High

Full description
A variable is compared to 0 and then, on the path where the comparison succeeded, used as a divisor before it is written to again. Because the comparison succeeded, the variable's value is known to be 0 in the statements that follow, so using it as a divisor there causes a 'divide by zero' runtime error. This check is identical to ATH-div-0-cmp-aft, MISRAC2004-1.2_e, MISRAC2012-Rule-1.3_c, CERT-INT33-C_b.
Coding standards
- CERT INT33-C
Ensure that division and modulo operations do not result in divide-by-zero errors
- CWE 369
Divide By Zero
- MISRA C:2004 1.2
(Required) No reliance shall be placed on undefined or unspecified behavior.
- MISRA C:2012 Rule-1.3
(Required) There shall be no occurrence of undefined or critical unspecified behaviour
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>

int foo(void)
{
    int a = 20;
    int p = rand();
    if (p == 0)      /* p is 0 */
        a = 34 / p;
    return a;
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>

int foo(void)
{
    int a = 20;
    int p = rand();
    if (p != 0)      /* p is not 0 */
        a = 34 / p;
    return a;
}
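The following is an added example, not part of the check's own documentation. It shows the same defect in a fall-through form, where the zero test succeeds but the function does not return before dividing (covering both `/` and `%`, as in CERT INT33-C), next to a corrected form. The function names `stats_unchecked` and `stats_checked` and the sample data are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Defect shape from the description: the comparison with 0 succeeds,
 * control falls through, and n is still 0 when it is used as a divisor.
 * Shown for contrast only; never call it with n == 0. */
int stats_unchecked(const int *v, size_t n, size_t pos, int *mean, size_t *slot)
{
    long sum = 0;
    if (n == 0)
        *mean = 0;                  /* sets a default but forgets to return */
    for (size_t i = 0; i < n; i++)
        sum += v[i];
    *slot = pos % n;                /* modulo by zero when n == 0 */
    *mean = (int)(sum / (long)n);   /* division by zero when n == 0 */
    return 0;
}

/* Corrected form: the zero case leaves the function before any statement
 * that divides by n, so every division runs with n != 0. */
int stats_checked(const int *v, size_t n, size_t pos, int *mean, size_t *slot)
{
    long sum = 0;
    if (v == NULL || mean == NULL || slot == NULL || n == 0)
        return -1;                  /* report the error, outputs untouched */
    for (size_t i = 0; i < n; i++)
        sum += v[i];
    *slot = pos % n;
    *mean = (int)(sum / (long)n);
    return 0;
}

int main(void)
{
    const int samples[] = { 10, 20, 30 };   /* constructed sample data */
    int mean = -1;
    size_t slot = 99;

    int rc = stats_checked(samples, 0, 7, &mean, &slot);
    printf("n=0: rc=%d mean=%d slot=%zu\n", rc, mean, slot);
    rc = stats_checked(samples, 3, 7, &mean, &slot);
    printf("n=3: rc=%d mean=%d slot=%zu\n", rc, mean, slot);
    return 0;
}
```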