Compile and run this.

#include <stdio.h>

int main(int argc, char **argv)
{
    float a = 0.7;
    if(a == 0.7) {
        printf("%f is equal to %f\n", a, 0.7);
    } else {
        printf("%f is not equal to %f\n", a, 0.7);
    }
}

On many implementations (not necessarily all implementations) you will
get the output as:-

0.700000 is not equal to 0.700000

For example, on my Debian Etch with gcc 4.1.2, the output is as shown
above. This doesn't mean it is a bug in 'gcc'. It's just a limitation
of floating point math. If someone doesn't take care of the floating
point behavior while writing code in JavaScript, it is a bug in the
JavaScript code and not a bug in Firefox.

Regards,
Susam Pal
http://susam.in/

On 9/28/07, blah <[EMAIL PROTECTED]> wrote:
> IE7 was fine for me, showed up in FF 2.0.0.7
>
> However, I think it's much wider-spread than initially thought. I
> found the same most unsettling results using:
> javascript:4.2-0.1
> javascript:3.2-0.1
> javascript:2.2-0.1
>
> I did not have time to try more, but obviously all of you can see the
> possibilities. Because it appears this works with any number, I've
> dubbed it the FIB, (Firefox Infinite Bug).
>
> I think this should get its own exploit category, too, since
> assuredly, perhaps one day, this will be exploitable.
>
> On 9/28/07, Steven Adair <[EMAIL PROTECTED]> wrote:
> > So are we dealing with an RDCB (Recently Disclosed Calculation Bug) or was
> > this just a mistake?
> >
> > Steven
> >
> > > Actually, I see 5.1000000000000005 in both browsers.
> > >
> > > Larry Seltzer
> > > eWEEK.com Security Center Editor
> >
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
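Added example, not part of the original message or thread: a C program that prints the stored values behind the `0.7` comparison and the `5.2-0.1` result quoted above, next to two comparisons that account for rounding. The function names and the `4 * DBL_EPSILON` tolerance are assumptions chosen for this illustration, and the results assume IEEE 754 arithmetic evaluated at the declared precision.

```c
#include <float.h>
#include <stdio.h>

/* The comparison from the message: the float is promoted to double, but
   it still carries the rounding error of its 24-bit significand. */
int naive_equal(float a, double b) { return a == b; }

/* Compare at the precision of the narrower type instead. */
int same_as_float(float a, double b) { return a == (float)b; }

/* Relative-tolerance comparison for computed doubles. rel_tol is chosen
   by the caller (an assumption of this example, not a universal value).
   NaN compares unequal to everything, itself included. */
int nearly_equal(double x, double y, double rel_tol)
{
    double diff, ax, ay, scale;

    if (x == y)                      /* exact match, also equal infinities */
        return 1;
    diff = x > y ? x - y : y - x;
    ax = x < 0 ? -x : x;
    ay = y < 0 ? -y : y;
    scale = ax > ay ? ax : ay;
    return diff <= rel_tol * scale;  /* false if diff is NaN */
}

int main(void)
{
    float a = 0.7;
    double d = 5.2 - 0.1;

    printf("0.7 as float : %.17g\n", (double)a);
    printf("0.7 as double: %.17g\n", 0.7);
    printf("naive_equal=%d same_as_float=%d\n",
           naive_equal(a, 0.7), same_as_float(a, 0.7));

    printf("5.2 - 0.1    : %.17g\n", d);
    printf("d == 5.1 -> %d, nearly_equal -> %d\n",
           d == 5.1, nearly_equal(d, 5.1, 4 * DBL_EPSILON));
    return 0;
}
```

Where a comparison gates a decision such as a limit, balance or threshold check, exact integer units (for example cents) avoid the tolerance question altogether.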