Date: Sat, 29 Sep 2007 00:22:56 +0530
From: Susam Pal <susam@...am.in>
To: Brian Kim <bmhkim@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox 2.0.0.7 has a very serious calculation bug

Yes. If one operand of a binary operator is of double type and the other 
is of float type, then it is converted to double before the operator 
operates. In this case when float type 0.7 is converted to double type, 
the converted value is not exactly equal to double type 0.7. It can 
never be on many implementations because some precision is lost in float 
type 0.7.

So, I wanted to highlight that these issues are to be taken care of by 
the programmer. Hence, we should not say that the flaw is in Firefox.

Regards,
Susam Pal
http://susam.in/

Brian Kim wrote, On Saturday 29 September 2007 12:08 AM:
>
> Wouldn't that be because (float)0.7 != (double)0.7?
>
> Also, relevant to the whole discussion:
> http://www.cygnus-software.com/papers/comparingfloats/comparingfloats.htm
>
> Cheers!
> Brian
>
>
> On 9/28/07, Susam Pal <susam@...am.in> wrote:
>> Let's take this C code.
>>
>> #include <stdio.h>
>>
>> int main(int argc, char **argv) {
>>   float a = 0.7;
>>   if(a == 0.7) {
>>     printf("%f is equal to %f\n", a, 0.7);
>>   } else {
>>     printf("%f is not equal to %f\n", a, 0.7);
>>   }
>> }
>>
>> On many implementations (not necessarily all implementations) we will
>> get the output as:-
>>
>> 0.700000 is not equal to 0.700000
>>
>> For example, on my Debian Etch with gcc 4.1.2, the output is as shown
>> above. This doesn't mean it is a bug in GCC. We can't call this a bug in
>> GCC because it's just a limitation of floating point math. The
>> programmer should be careful of these floating point issues while
>> programming.
>>
>> Similarly, if someone doesn't take care of the floating point behavior
>> while writing code in JavaScript, we should say that the JavaScript code
>> has the bug instead of saying that the bug is in Firefox.
>>
>> Regards,
>> Susam Pal
>> http://susam.in/
>>
>> carl hardwick wrote, On Friday 28 September 2007 09:46 PM:
>>> There's a flaw in Firefox 2.0.0.7 that allows JavaScript to execute wrong
>>> subtractions.
>>>
>>> PoC concept here:
>>> javascript:5.2-0.1
>>> (copy this code into address bar)
>>>
>>> Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
>>> Internet Explorer 7 result: 5.1 (OK)
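
The float-to-double promotion discussed in this thread, as an added example that is not part of the original messages: it measures the error left by storing 0.7 in a float and compares with a relative tolerance instead of `==`. The helper names and the tolerances (FLT_EPSILON, 4 * DBL_EPSILON) are assumptions chosen for illustration.

```c
#include <float.h>
#include <stdio.h>

/* Small local helpers so the example needs no libm. */
static double dabs(double v) { return v < 0 ? -v : v; }
static double dmax(double x, double y) { return x > y ? x : y; }

/* The comparison from the quoted program: the float operand is widened
   to double before ==, so this tests (double)(float)0.7 against 0.7. */
int exact_equal(float a, double b) {
    return a == b;
}

/* Error left behind by storing v in a float and widening it back. */
double widening_error(double v) {
    return dabs((double)(float)v - v);
}

/* Relative-tolerance comparison (hypothetical helper): rel_eps is scaled
   by the larger magnitude, so one tolerance works across value ranges. */
int nearly_equal(double x, double y, double rel_eps) {
    return dabs(x - y) <= rel_eps * dmax(dabs(x), dabs(y));
}

int main(void) {
    float a = 0.7f;
    double diff = 5.2 - 0.1;   /* the subtraction from the original report */

    printf("(double)(float)0.7 = %.17g\n", (double)a);
    printf("(double)0.7        = %.17g\n", 0.7);
    printf("a == 0.7           : %d\n", exact_equal(a, 0.7));
    printf("within FLT_EPSILON : %d\n", nearly_equal(a, 0.7, FLT_EPSILON));
    printf("5.2 - 0.1          = %.17g\n", diff);
    printf("diff == 5.1        : %d\n", diff == 5.1);
    printf("within 4*DBL_EPS   : %d\n", nearly_equal(diff, 5.1, 4 * DBL_EPSILON));
    return 0;
}
```

Values that are exactly representable in binary, such as 0.5, survive the round trip through float unchanged, which is why the mismatch appears only for some constants.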
