NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors
Division and remainder operations performed on integers are susceptible to divide-by-zero errors. Consequently, the divisor in a division or remainder operation on integer types must be checked for zero prior to the operation. Division and remainder operations performed on floating-point numbers are not subject to this rule.
Noncompliant Code Example (Division)
The result of the / operator is the quotient from the division of the first arithmetic operand by the second arithmetic operand. Division operations are susceptible to divide-by-zero errors. Overflow can also occur during two's-complement signed integer division when the dividend is equal to the minimum (negative) value for the signed integer type and the divisor is equal to −1 (see NUM00-J. Detect or prevent integer overflow for more information). This noncompliant code example can result in a divide-by-zero error during the division of the signed operands num1 and num2 :
long num1, num2, result;
/* Initialize num1 and num2 */
result = num1 / num2;
Compliant Solution (Division)
This compliant solution tests the divisor to guarantee there is no possibility of divide-by-zero errors:
long num1, num2, result;
/* Initialize num1 and num2 */
if (num2 == 0) {
// Handle error
} else {
result = num1 / num2;
}
Noncompliant Code Example (Remainder)
The % operator provides the remainder when two operands of integer type are divided. This noncompliant code example can result in a divide-by-zero error during the remainder operation on the signed operands num1 and num2 :
long num1, num2, result;
/* Initialize num1 and num2 */
result = num1 % num2;
Compliant Solution (Remainder)
This compliant solution tests the divisor to guarantee there is no possibility of a divide-by-zero error:
long num1, num2, result;
/* Initialize num1 and num2 */
if (num2 == 0) {
// Handle error
} else {
result = num1 % num2;
}
Risk Assessment
A division or remainder by zero can result in abnormal program termination and denial-of-service (DoS).
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| NUM02-J | Low | Likely | No | Yes | P6 | L2 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Coverity | 7.5 | DIVIDE_BY_ZERO | Implemented |
| Parasoft Jtest | 2025.2 | CERT.NUM02.ZERO | Avoid division by zero |
| PVS-Studio | 7.42 | V6020 | |
| Security Reviewer - Static Reviewer | 6.02 | JAVA_36 | Full Implementation |
| SonarQube | 9.9 | S3518 | Zero should not be a possible denominator |
Related Guidelines
| SEI CERT C Coding Standard | INT33-C. Ensure that division and remainder operations do not result in divide-by-zero errors |
| MITRE CWE | CWE-369 , Divide by Zero |
Bibliography
Subclause 6.5.5, "Multiplicative Operators" | |
[ Seacord 05 ] | Chapter 5, "Integers" |
| [ Seacord 2015 ] | |
[ Warren 02 ] | Chapter 2, "Basics" |
