Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug

from [Rodrigo Barbosa] Network Security [Permanent Link]
Subject: Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug
Date: Fri, 28 Sep 2007 16:44:02 -0300 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, Sep 28, 2007 at 09:09:02PM +0200, Michal Zalewski wrote:

On Sat, 29 Sep 2007, Jimby Sharp wrote:


I don't get the same from C-style double arithmetics. Could you provide
a sample code that you believe should show the same behavior?


If you don't, it's presumably because the subtraction is optimized out by
the compiler, or because you printf() with an insufficient precision in
format spec. The following should do the trick:

volatile double a = 5.2;
volatile double b = 0.1;
main() { printf("%.16lf\n",a-b); }


Isn't this the same issue pointed out by Brian Kim (double to float 
conversion) ?

Look the results I get for the following code:

volatile double a = 5.2;
volatile double b = 0.1;
main() {
        printf("%.16lf\n",a);
        printf("%.16lf\n",b);
        printf("%.16lf\n",(volatile double) 5.1);
        printf("%.16lf\n",(volatile double)((float) 5.1));
        printf("%.16lf\n",a-b);
}


Results:
5.2000000000000002
0.1000000000000000
5.0999999999999996
5.0999999046325684      <------------
5.1000000000000005


- -- 
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFG/VmCpdyWzQ5b5ckRArw8AJ9snBYsgIK7pvwHbILw43gTtuz6rwCgqxGO
snsqqiu9zDaqhITIe/Ycf7o=
=MJfE
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [Full-disclosure] .NET REMOTING on port 31337, full-disclosure
Next by Date:  Re: [Full-disclosure] .NET REMOTING on port 31337, Simon Smith
Previous by Thread:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, Michal Zalewski
Next by Thread:  Re: [Full-disclosure] Firefox 2.0.0.7 has a very serious calculation bug, Michal Zalewski
Indexes:  [Date] [Thread] [Top] [All Lists]