AttackFlow Findings Dictionary

Incorrect Comparison with NaN

The comparison operator ==, when used with NaN, always returns false.

Severity: Low

Fix Cost: Low

Trust Level: High

NaN means "not a number". According to the Java Language Specification, “Double.NaN is unordered, so the numerical comparison operators <, <=, >, and >= return false if either or both operands are NaN.” The equality operator == likewise returns false if either operand is NaN. For example, the code below always prints “number”:

            
double result = 0.0;

// an arithmetic calculation that assigns NaN to result here

if (result == Double.NaN)
{
    System.out.println("not a number");
}
else
{
    System.out.println("number");
}
                
            

Another, perhaps more striking, example:

                
if (Double.NaN == Double.NaN)
{
    System.out.println("equal");
}
else
{
    System.out.println("not equal");
}
                
            

The code above prints “not equal”.
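
The corrected check, shown beside the flawed one, as an added example that is not part of the original finding text. It also shows a consequence of the rule quoted above: a range check written with < and > accepts NaN unless NaN is rejected explicitly. The class name, method names and LIMIT value are assumptions made for illustration.

```java
public class NaNCheckExample {
    // Hypothetical upper bound, chosen for this example only.
    static final double LIMIT = 1000.0;

    // Flawed: == against Double.NaN is false for every input, NaN included.
    static boolean isNaNFlawed(double v) {
        return v == Double.NaN;
    }

    // Correct: Double.isNaN is the standard library test for NaN.
    static boolean isNaNCorrect(double v) {
        return Double.isNaN(v);
    }

    // Flawed range check: both comparisons are false for NaN,
    // so the "out of range" branch is never taken and NaN is accepted.
    static boolean inRangeFlawed(double v) {
        return !(v < 0.0 || v > LIMIT);
    }

    // Hardened range check: reject NaN first, then compare.
    static boolean inRangeCorrect(double v) {
        return !Double.isNaN(v) && v >= 0.0 && v <= LIMIT;
    }

    public static void main(String[] args) {
        // Constructed sample inputs: an arithmetic NaN and a parsed NaN.
        double computed = 0.0 / 0.0;
        double parsed = Double.parseDouble("NaN");

        for (double v : new double[] { computed, parsed, 42.0 }) {
            System.out.println("value=" + v
                + " isNaNFlawed=" + isNaNFlawed(v)
                + " isNaNCorrect=" + isNaNCorrect(v)
                + " inRangeFlawed=" + inRangeFlawed(v)
                + " inRangeCorrect=" + inRangeCorrect(v));
        }

        // Unlike ==, Double.compare and Double.equals treat NaN as equal to itself.
        System.out.println("Double.compare(NaN, NaN) == 0: "
            + (Double.compare(computed, parsed) == 0));
        System.out.println("Double.valueOf(NaN).equals(NaN): "
            + Double.valueOf(computed).equals(parsed));
    }
}
```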
