Full Disclosure mailing list archives
Re: Firefox 2.0.0.7 has a very serious calculation bug
From: "Brian Kim" <bmhkim () gmail com>
Date: Fri, 28 Sep 2007 14:38:03 -0400
On 9/28/07, Susam Pal <susam () susam in> wrote:
> Let's take this C code.
>
> #include <stdio.h>
>
> int main(int argc, char **argv)
> {
>     float a = 0.7;
>     if(a == 0.7) {
>         printf("%f is equal to %f\n", a, 0.7);
>     } else {
>         printf("%f is not equal to %f\n", a, 0.7);
>     }
> }
>
> On many implementations (not necessarily all implementations) we will
> get the output as:-
>
> 0.700000 is not equal to 0.700000
>
> For example, on my Debian Etch with gcc 4.1.2, the output is as shown
> above. This doesn't mean it is a bug in GCC. We can't call this a bug
> in GCC because it's just a limitation of floating point math. The
> programmer should be careful of these floating point issues while
> programming.
>
> Similarly, if someone doesn't take care of the floating point behavior
> while writing code in JavaScript, we should say that the JavaScript
> code has the bug instead of saying that the bug is in Firefox.
>
> Regards,
> Susam Pal
> http://susam.in/
>
> carl hardwick wrote, On Friday 28 September 2007 09:46 PM:
>> There's a flaw in Firefox 2.0.0.7 that allows javascript to execute
>> wrong subtractions.
>>
>> PoC concept here: javascript:5.2-0.1
>> (copy this code into address bar)
>>
>> Firefox 2.0.0.7 result: 5.1000000000000005 (WRONG!)
>> Internet Explorer 7 result: 5.1 (OK)
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

Wouldn't that be because (float)0.7 != (double)0.7?

Also, relevant to the whole discussion:
http://www.cygnus-software.com/papers/comparingfloats/comparingfloats.htm

Cheers!
Brian
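
The float-versus-double mismatch raised in the reply above, and the 5.2-0.1 result from the original report, checked with an exact and a relative-tolerance comparison. This is an added example, not code from the thread; `exact_equal`, `sub` and `nearly_equal` are hypothetical helper names, and IEEE 754 float and double are assumed.

```c
#include <float.h>
#include <stdio.h>

/* The comparison from the quoted program: `a` is promoted to double before
 * ==, but the rounding done when 0.7 was stored as a float is kept. */
static int exact_equal(float a, double b)
{
    return a == b;
}

/* Hypothetical helper: subtraction carried out in double precision. */
static double sub(double x, double y)
{
    return x - y;
}

/* Hypothetical helper: relative-tolerance comparison. rel_eps should be the
 * epsilon of the narrowest type involved in producing the values. */
static int nearly_equal(double a, double b, double rel_eps)
{
    double diff  = a > b ? a - b : b - a;
    double mag_a = a < 0 ? -a : a;
    double mag_b = b < 0 ? -b : b;
    double scale = mag_a > mag_b ? mag_a : mag_b;
    return diff <= rel_eps * scale;
}

int main(void)
{
    float a = 0.7f;
    double r = sub(5.2, 0.1);

    printf("(float)0.7  = %.17g\n", (double)a);
    printf("(double)0.7 = %.17g\n", 0.7);
    printf("exact: %d  tolerant: %d\n",
           exact_equal(a, 0.7), nearly_equal(a, 0.7, FLT_EPSILON));

    printf("5.2 - 0.1   = %.17g\n", r);
    printf("5.1         = %.17g\n", 5.1);
    printf("exact: %d  tolerant: %d\n",
           r == 5.1, nearly_equal(r, 5.1, DBL_EPSILON));
    return 0;
}
```

Printing with `%.17g` instead of `%f` shows the digits that the six-decimal output in the quoted program hides.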