Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

from [Susam Pal] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Date: Sat, 29 Sep 2007 00:22:56 +0530 
Yes. If one operand of a binary operator is of double type and the other 
is of float type, then it is converted to double before the operator 
operates. In this case when float type 0.7 is converted to double type, 
the converted value is not exactly equal to double type 0.7. It can 
never be on many implementations because some precision is lost in float 
type 0.7.

So, I wanted to highlight that these issues are to be taken care of by 
the programmer. Hence, we should not say that the flaw is in Firefox.

Regards,
Susam Pal
http://susam.in/

Brian Kim wrote, On Saturday 29 September 2007 12:08 AM:


Wouldn't that be because (float)0.7 != (double)0.7?

Also, relevant to the whole discussion:
http://www.cygnus-software.com/papers/comparingfloats/comparingfloats.htm

Cheers!
Brian


On 9/28/07, Susam Pal <susam@susam.in> wrote:

Let's take this C code.

#include <stdio.h>

int main(int argc, char **argv) {
  float a = 0.7;
  if(a == 0.7) {
    printf("%f is equal to %f\n", a, 0.7);
  } else {
    printf("%f is not equal to %f\n", a, 0.7);
  }
}

On many implementations (not necessarily all implementations) we will
get the output as:-

0.700000 is not equal to 0.700000

For example, on my Debian Etch with gcc 4.1.2, the output is as shown
above. This doesn't mean it is a bug in GCC. We can't call this a bug in
GCC because it's just a limitation of floating point math. The
programmer should be careful of these floating point issues while
programming.

Similarly, if someone doesn't take care of the floating point behavior
while writing code in JavaScript, we should say that the JavaScript code
has the bug instead of saying that the bug is in Firefox.

Regards,
Susam Pal
http://susam.in/

carl hardwick wrote, On Friday 28 September 2007 09:46 PM:

There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong
subtractions.

PoC concept here:
javascript:5.2-0.1
(copy this code into address bar)

Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
Internet Explorer 7 result: 5.1 (OK)


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] .NET REMOTING on port 31337, Fabrizio
Next by Date:  Re: [Full-disclosure] Trolls food, Jimby Sharp
Previous by Thread:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, Brian Kim
Next by Thread:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, Daniel Veditz
Indexes:  [Date] [Thread] [Top] [All Lists]