Security weakness CWE-1077: Floating Point Comparison with Incorrect Operator

Georgi Guninski

Apr 24, 2023, 8:09:27 AM4/24/23
to sage-...@googlegroups.com
Since there was discussion about RealField, comparing floats for
equality is considered a security vulnerability:

https://cwe.mitre.org/data/definitions/1077.html

Numeric calculation using floating point values can generate imprecise
results because of rounding errors. As a result, two different
calculations might generate numbers that are mathematically equal, but
have slightly different bit representations that do not translate to
the same mathematically-equal values. As a result, an equality test or
other comparison might produce unexpected results.

This issue can prevent the product from running reliably. If the
relevant code is reachable by an attacker, then this reliability
problem might introduce a vulnerability.
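The rounding behaviour the CWE entry describes, and the comparisons that survive it, as an added Python example (not code from the post above and not Sage code). The quota check is a hypothetical illustration of the "reachable by an attacker" case: a loop that waits for an accumulated float to become exactly equal to a limit can miss the limit by one ulp and keep going. `accumulate`, `approx_equal`, `quota_exhausted` and friends are names chosen here, not Sage functions.

```python
# Added example (not from the original post or from Sage): demonstrates the
# rounding behaviour behind CWE-1077 and the comparisons that survive it.
import math
from fractions import Fraction


def accumulate(step: float, n: int) -> float:
    """Add `step` to 0.0 n times in binary (IEEE 754 double) floating point."""
    total = 0.0
    for _ in range(n):
        total += step
    return total


def accumulate_exact(step: str, n: int) -> Fraction:
    """Same sum in exact rational arithmetic; `step` is a decimal string so
    Fraction parses it exactly instead of going through a rounded float."""
    return Fraction(step) * n


def naive_equal(a: float, b: float) -> bool:
    """The pattern CWE-1077 warns about: bitwise equality of two floats."""
    return a == b


def approx_equal(a: float, b: float, rel_tol: float = 1e-9,
                 abs_tol: float = 0.0) -> bool:
    """Tolerance comparison: |a-b| <= max(rel_tol*max(|a|,|b|), abs_tol)."""
    return math.isclose(a, b, rel_tol=rel_tol, abs_tol=abs_tol)


def quota_exhausted_naive(spent: float, limit: float) -> bool:
    """Hypothetical quota check that fires only when spent == limit.
    The accumulated float can stop one ulp short of `limit` and then
    overshoot it on the next step, so the check may never fire."""
    return spent == limit


def quota_exhausted(spent: float, limit: float, abs_tol: float = 1e-9) -> bool:
    """Safer form: an ordered comparison plus a tolerance for the boundary."""
    return spent >= limit or math.isclose(spent, limit, abs_tol=abs_tol)


def demo() -> dict:
    """Run the comparisons on a constructed input: ten additions of 0.1."""
    spent = accumulate(0.1, 10)  # 0.9999999999999999, not 1.0
    return {
        "sum_repr": repr(spent),
        "naive_equal_one": naive_equal(spent, 1.0),            # False
        "approx_equal_one": approx_equal(spent, 1.0),          # True
        "exact_equal_one": accumulate_exact("0.1", 10) == 1,   # True
        "naive_quota": quota_exhausted_naive(spent, 1.0),      # False: one ulp short
        "safe_quota": quota_exhausted(spent, 1.0),             # True
        # Near zero a purely relative tolerance is useless; pass abs_tol.
        "tiny_vs_zero_rel": approx_equal(1e-12, 0.0),                # False
        "tiny_vs_zero_abs": approx_equal(1e-12, 0.0, abs_tol=1e-9),  # True
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The relative tolerance in `math.isclose` is the right default for values away from zero; for comparisons against zero (or against a small threshold) an absolute tolerance chosen for the quantity's scale is required, and where equality genuinely matters, as in a limit or balance check, exact arithmetic (`Fraction`, `decimal`, or integers in the smallest unit) removes the rounding question entirely.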