lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 29 Sep 2007 00:22:56 +0530 From: Susam Pal <susam@...am.in> To: Brian Kim <bmhkim@...il.com> Cc: full-disclosure@...ts.grok.org.uk Subject: Re: Firefox 2.0.0.7 has a very serious calculation bug Yes. If one operand of a binary operator is of double type and the other is of float type, then it is converted to double before the operator operates. In this case when float type 0.7 is converted to double type, the converted value is not exactly equal to double type 0.7. It can never be on many implementations because some precision is lost in float type 0.7. So, I wanted to highlight that these issues are to be taken care of by the programmer. Hence, we should not say that the flaw is in Firefox. Regards, Susam Pal http://susam.in/ Brian Kim wrote, On Saturday 29 September 2007 12:08 AM: > > Wouldn't that be because (float)0.7 != (double)0.7? > > Also, relevant to the whole discussion: > http://www.cygnus-software.com/papers/comparingfloats/comparingfloats.htm > > Cheers! > Brian > > > On 9/28/07, Susam Pal <susam@...am.in> wrote: >> Let's take this C code. >> >> #include <stdio.h> >> >> int main(int argc, char **argv) { >> float a = 0.7; >> if(a == 0.7) { >> printf("%f is equal to %f\n", a, 0.7); >> } else { >> printf("%f is not equal to %f\n", a, 0.7); >> } >> } >> >> On many implementations (not necessarily all implementations) we will >> get the output as:- >> >> 0.700000 is not equal to 0.700000 >> >> For example, on my Debian Etch with gcc 4.1.2, the output is as shown >> above. This doesn't mean it is a bug in GCC. We can't call this a bug in >> GCC because it's just a limitation of floating point math. The >> programmer should be careful of these floating point issues while >> programming. >> >> Similarly, if someone doesn't take care of the floating point behavior >> while writing code in JavaScript, we should say that the JavaScript code >> has the bug instead of saying that the bug is in Firefox. >> >> Regards, >> Susam Pal >> http://susam.in/ >> >> carl hardwick wrote, On Friday 28 September 2007 09:46 PM: >>> There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong >>> subtractions. >>> >>> PoC concept here: >>> javascript:5.2-0.1 >>> (copy this code into address bar) >>> >>> Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!) >>> Internet Explorer 7 result: 5.1 (OK) _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists