[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <46FD4D88.7060103@susam.in>
Date: Sat, 29 Sep 2007 00:22:56 +0530
From: Susam Pal <susam@...am.in>
To: Brian Kim <bmhkim@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Firefox 2.0.0.7 has a very serious
calculation bug
Yes. If one operand of a binary operator is of double type and the other
is of float type, then it is converted to double before the operator
operates. In this case when float type 0.7 is converted to double type,
the converted value is not exactly equal to double type 0.7. It can
never be on many implementations because some precision is lost in float
type 0.7.
So, I wanted to highlight that these issues are to be taken care of by
the programmer. Hence, we should not say that the flaw is in Firefox.
Regards,
Susam Pal
http://susam.in/
Brian Kim wrote, On Saturday 29 September 2007 12:08 AM:
>
> Wouldn't that be because (float)0.7 != (double)0.7?
>
> Also, relevant to the whole discussion:
> http://www.cygnus-software.com/papers/comparingfloats/comparingfloats.htm
>
> Cheers!
> Brian
>
>
> On 9/28/07, Susam Pal <susam@...am.in> wrote:
>> Let's take this C code.
>>
>> #include <stdio.h>
>>
>> int main(int argc, char **argv) {
>> float a = 0.7;
>> if(a == 0.7) {
>> printf("%f is equal to %f\n", a, 0.7);
>> } else {
>> printf("%f is not equal to %f\n", a, 0.7);
>> }
>> }
>>
>> On many implementations (not necessarily all implementations) we will
>> get the output as:-
>>
>> 0.700000 is not equal to 0.700000
>>
>> For example, on my Debian Etch with gcc 4.1.2, the output is as shown
>> above. This doesn't mean it is a bug in GCC. We can't call this a bug in
>> GCC because it's just a limitation of floating point math. The
>> programmer should be careful of these floating point issues while
>> programming.
>>
>> Similarly, if someone doesn't take care of the floating point behavior
>> while writing code in JavaScript, we should say that the JavaScript code
>> has the bug instead of saying that the bug is in Firefox.
>>
>> Regards,
>> Susam Pal
>> http://susam.in/
>>
>> carl hardwick wrote, On Friday 28 September 2007 09:46 PM:
>>> There's a flaw in Firefox 2.0.0.7 allows javascript to execute wrong
>>> subtractions.
>>>
>>> PoC concept here:
>>> javascript:5.2-0.1
>>> (copy this code into address bar)
>>>
>>> Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
>>> Internet Explorer 7 result: 5.1 (OK)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists