| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 28 Sep 2007 16:06:42 -0400
From: <Glenn.Everhart@...se.com>
To: <rodrigob@...kover.org>, <full-disclosure@...ts.grok.org.uk>
Subject: Re: Firefox 2.0.0.7 has a veryserious calculation
bug
So the precision of an IEEE single precision float is about 7 digits
and of a double is about 15. If you try to exhibit the result to more
digits of precision what makes anyone think you would get a more
precise result? What makes you think that such exhibiting is even guaranteed
to be accurate?
Certainly this is not a math fault, except perhaps that Firefox attempts
to show results to more precision than is defined. At worst a venial sin.
In the Dark Ages it used to be taught routinely that tests for equality
when using floating point were likely to fail due to precision limits. Is
this lore now lost???
(For that matter, is the lore also lost that 1.00000000000... (infinite series)
is exactly the same number mathematically as 0.999999999999... (infinite series) ??)
Hmph. May your punishment for excessive belief in calculators be to have to multiply
a few score numbers that are expressed to 50 decimal places, using pen or pencil
and paper.
-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk
[mailto:full-disclosure-bounces@...ts.grok.org.uk]On Behalf Of Rodrigo
Barbosa
Sent: Friday, September 28, 2007 3:44 PM
To: full-disclosure@...ts.grok.org.uk
Subject: Re: [Full-disclosure] Firefox 2.0.0.7 has a veryserious
calculation bug
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Fri, Sep 28, 2007 at 09:09:02PM +0200, Michal Zalewski wrote:
> On Sat, 29 Sep 2007, Jimby Sharp wrote:
>
> > I don't get the same from C-style double arithmetics. Could you provide
> > a sample code that you believe should show the same behavior?
>
> If you don't, it's presumably because the subtraction is optimized out by
> the compiler, or because you printf() with an insufficient precision in
> format spec. The following should do the trick:
>
> volatile double a = 5.2;
> volatile double b = 0.1;
> main() { printf("%.16lf\n",a-b); }
Isn't this the same issue pointed out by Brian Kim (double to float
conversion) ?
Look the results I get for the following code:
volatile double a = 5.2;
volatile double b = 0.1;
main() {
printf("%.16lf\n",a);
printf("%.16lf\n",b);
printf("%.16lf\n",(volatile double) 5.1);
printf("%.16lf\n",(volatile double)((float) 5.1));
printf("%.16lf\n",a-b);
}
Results:
5.2000000000000002
0.1000000000000000
5.0999999999999996
5.0999999046325684 <------------
5.1000000000000005
- --
Rodrigo Barbosa
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)
iD8DBQFG/VmCpdyWzQ5b5ckRArw8AJ9snBYsgIK7pvwHbILw43gTtuz6rwCgqxGO
snsqqiu9zDaqhITIe/Ycf7o=
=MJfE
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
-----------------------------------------
This transmission may contain information that is privileged,
confidential, legally privileged, and/or exempt from disclosure
under applicable law. If you are not the intended recipient, you
are hereby notified that any disclosure, copying, distribution, or
use of the information contained herein (including any reliance
thereon) is STRICTLY PROHIBITED. Although this transmission and
any attachments are believed to be free of any virus or other
defect that might affect any computer system into which it is
received and opened, it is the responsibility of the recipient to
ensure that it is virus free and no responsibility is accepted by
JPMorgan Chase & Co., its subsidiaries and affiliates, as
applicable, for any loss or damage arising in any way from its use.
If you received this transmission in error, please immediately
contact the sender and destroy the material in its entirety,
whether in electronic or hard copy format. Thank you.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists