Presentation is loading. Please wait.

Presentation is loading. Please wait.

Microsoft Excel 2007 Bug Mikko Heinonen 7.2.2008.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Microsoft Excel 2007 Bug Mikko Heinonen 7.2.2008."— Presentation transcript:

1 Microsoft Excel 2007 Bug Mikko Heinonen 7.2.2008

2 Contents 65535 = 100000 Location of the bug IEEE 754 floating-point format The Bug The Microsoft Hotfix Damages

3 65535 = 100000? Found 22.9.2007 850 * 77,1 = 100000. Should be 65535 Twelve values Excel 2007 formats wrong 9.2*10^18 possible 64-bit floating-point values ~65535 = 100000 and ~65536 = 100001

4 Location of the bug Error in the 64-bit floating-point to string conversion routine. Routine converts the binary representation of a 64-bit IEEE 754 double to a Unicode text string. Older 16-bit formatting routine was updated to 32-bit version in Excel 2007.

5 IEEE 754 64-bit floating-point format 1 bit for the sign, 11 bits for the exponent, and 52 bits for the mantissa Mantissa corresponds to 15 digits of decimal accuracy. Excel rounds answers to 15 digits. 0.1 = 0.000110011001100… 65535-2^(-37) should be rounded to 65535, but the new 32-bit routine fails.

6 The Bug Rendering bug, not a math bug. Numbers stored correctly. 850 * 77,1 * 2 = 131070 Routine divisor table pointer is pointing to the wrong divisor due to the bug. 65536(-2^(-37))/65535 = 1, with remainder 1. 1/10000 = 0. 1/1000 = 0. 1 / 100 = 0. 1/10 = 0. 1/1 = 1. => 100001 -2^(-37) causes the table being misaligned.

7 The Bug Overflow possible only when the value sufficiently near an integer 65535. Routine is hand coded assebly. Likely done to improve performance. Microsoft engineers should have catch the bug in tests. 65535 = 2^16

8 The Microsoft Hotfix Released on 10.10.2007. 18 days after being found. Routine fixed by adding new check. Avoids the overflow causing the table pointer to be set wrong.

9 Damages No damages reported. No security holes found. Malformed Excel files can be use to find holes or exploits.

10 References Chris Lomont : An Analysis of the Excel 2007 “65535” Bug http://en.wikipedia.org/wiki/IEEE_floating- point_standard

Download ppt "Microsoft Excel 2007 Bug Mikko Heinonen 7.2.2008."

Similar presentations

Computer Engineering FloatingPoint page 1 Floating Point Number system corresponding to the decimal notation 1,837 * 10 significand exponent A great number.

Computer Engineering FloatingPoint page 1 Floating Point Number system corresponding to the decimal notation 1,837 * 10 significand exponent A great number.
The Binary Numbering Systems

The Binary Numbering Systems
Princess Sumaya Univ. Computer Engineering Dept. Chapter 3:

Princess Sumaya Univ. Computer Engineering Dept. Chapter 3:
Princess Sumaya Univ. Computer Engineering Dept. Chapter 3: IT Students.

Princess Sumaya Univ. Computer Engineering Dept. Chapter 3: IT Students.
CS 447 – Computer Architecture Lecture 3 Computer Arithmetic (2)

CS 447 – Computer Architecture Lecture 3 Computer Arithmetic (2)
Computer ArchitectureFall 2007 © September 5, 2007 Karem Sakallah CS 447 – Computer Architecture.

Computer ArchitectureFall 2007 © September 5, 2007 Karem Sakallah CS 447 – Computer Architecture.
Booth’s Algorithm.

Booth’s Algorithm.
Lecture 3 Number Representation 2 This week – Recap Addition – Addition circuitry – Subtraction of integers in binary – Representing numbers with fractional.

Lecture 3 Number Representation 2 This week – Recap Addition – Addition circuitry – Subtraction of integers in binary – Representing numbers with fractional.
Major Numeric Data Types Unsigned Integers Signed Integer Alphanumeric Data – ASCII & UNICODE Floating Point Numbers.

Major Numeric Data Types Unsigned Integers Signed Integer Alphanumeric Data – ASCII & UNICODE Floating Point Numbers.
1 Lecture 3 Bit Operations Floating Point – 32 bits or 64 bits 1.

1 Lecture 3 Bit Operations Floating Point – 32 bits or 64 bits 1.
Floating Point Numbers

Floating Point Numbers
Computer ArchitectureFall 2008 © August 27, 2008 www.qatar.cmu.edu/~msakr/15447-f08/ CS 447 – Computer Architecture Lecture 4 Computer Arithmetic (2)

Computer ArchitectureFall 2008 © August 27, CS 447 – Computer Architecture Lecture 4 Computer Arithmetic (2)
Simple Data Type Representation and conversion of numbers

Simple Data Type Representation and conversion of numbers
2.2 Errors. Why Study Errors First? Nearly all our modeling is done on digital computers (aside: what would a non-digital analog computer look like?)

2.2 Errors. Why Study Errors First? Nearly all our modeling is done on digital computers (aside: what would a non-digital analog computer look like?)
Binary Real Numbers. Introduction Computers must be able to represent real numbers (numbers w/ fractions) Two different ways:  Fixed-point  Floating-point.

Binary Real Numbers. Introduction Computers must be able to represent real numbers (numbers w/ fractions) Two different ways:  Fixed-point  Floating-point.
Computer Organization and Architecture Computer Arithmetic Chapter 9.

Computer Organization and Architecture Computer Arithmetic Chapter 9.
Computer Arithmetic Nizamettin AYDIN

Computer Arithmetic Nizamettin AYDIN
Computer Arithmetic. Instruction Formats Layout of bits in an instruction Includes opcode Includes (implicit or explicit) operand(s) Usually more than.

Computer Arithmetic. Instruction Formats Layout of bits in an instruction Includes opcode Includes (implicit or explicit) operand(s) Usually more than.
2-1 Chapter 2 - Data Representation Principles of Computer Architecture by M. Murdocca and V. Heuring © 1999 M. Murdocca and V. Heuring Chapter Contents.

2-1 Chapter 2 - Data Representation Principles of Computer Architecture by M. Murdocca and V. Heuring © 1999 M. Murdocca and V. Heuring Chapter Contents.
Computer Arithmetic.

Computer Arithmetic.

Similar presentations

Ads by Google