Rule
Check divisor before division operations.
Division by zero causes runtime crashes and must be prevented with explicit checks.
Supported languages: 45+
Introduction
Division by zero causes immediate runtime errors in most languages, crashing applications without graceful degradation. User input, calculated values, or database results can all produce zero divisors unexpectedly. A single unchecked division operation can bring down production services when edge case data triggers the error.
Why it matters
System stability: Division by zero can crash the application immediately in languages like Java, C, and Python. In production, this means dropped requests, interrupted transactions, and service unavailability. Even in JavaScript where division by zero returns Infinity or NaN, these values propagate through calculations causing incorrect results.
Data integrity: When division errors occur during batch processing or data pipelines, partial results may be written before the crash. This leaves data in inconsistent states, requiring manual recovery and potentially corrupting downstream systems that depend on complete data.
Attack surface: Attackers can intentionally craft input that produces zero divisors to crash services. API endpoints that perform calculations without validating divisors become denial-of-service vectors. A single malicious request can take down the entire service.
Code examples
❌ Non-compliant:
function calculateAverageOrderValue(totalRevenue, orderCount) {
  return totalRevenue / orderCount;
}

function calculateConversionRate(conversions, visitors) {
  return (conversions / visitors) * 100;
}
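Why it's wrong: Neither function checks its divisor. calculateAverageOrderValue() fails when orderCount is 0, and calculateConversionRate() fails when visitors is 0. In JavaScript the division does not throw; it returns Infinity or NaN, which then propagates through later calculations, while the same logic in languages like Java, C, and Python crashes. These scenarios are realistic: new businesses have zero orders, and campaigns can have zero visitors.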
✅ Compliant:
function calculateAverageOrderValue(totalRevenue, orderCount) {
  if (orderCount === 0) {
    return 0;
  }
  return totalRevenue / orderCount;
}

function calculateConversionRate(conversions, visitors) {
  if (visitors === 0) {
    return 0;
  }
  return (conversions / visitors) * 100;
}
Why this matters: Explicit checks prevent division by zero crashes. Functions return sensible default values (zero) when division isn't possible. The application continues running even with edge case inputs, maintaining stability and availability.
Conclusion
Always validate divisors before division operations. Return appropriate default values, throw descriptive errors, or handle the zero case based on business logic. Never assume divisors will be non-zero, especially with user input or external data.
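Added example (not part of the original rule page): one way to apply the conclusion to external data, where a divisor arrives as a string and a bare `=== 0` comparison would let "0", undefined, or NaN through. The names safeDivide, parseCount, and conversionRateFromQuery are hypothetical, and the query objects are constructed inputs.

```javascript
// Accept only plain decimal digit strings (as found in a query string).
// Returns a number, or null when the value is missing or malformed.
function parseCount(raw) {
  return typeof raw === "string" && /^\d{1,15}$/.test(raw) ? Number(raw) : null;
}

// Divide only when both operands are finite numbers and the divisor is
// non-zero. onZero selects the policy for a zero divisor: "throw" raises
// a descriptive error, any other value is returned as the fallback.
function safeDivide(dividend, divisor, onZero = "throw") {
  if (typeof dividend !== "number" || typeof divisor !== "number" ||
      !Number.isFinite(dividend) || !Number.isFinite(divisor)) {
    throw new TypeError(`operands must be finite numbers, got ${dividend} / ${divisor}`);
  }
  if (divisor === 0) { // true for both 0 and -0
    if (onZero === "throw") {
      throw new RangeError("division by zero");
    }
    return onZero;
  }
  return dividend / divisor;
}

// Validate first, then divide. Malformed input is rejected instead of
// being turned into NaN or Infinity; zero visitors maps to a 0% rate,
// which is the business-logic choice assumed for this example.
function conversionRateFromQuery(query) {
  const conversions = parseCount(query.conversions);
  const visitors = parseCount(query.visitors);
  if (conversions === null || visitors === null) {
    return { ok: false, error: "conversions and visitors must be non-negative integers" };
  }
  return { ok: true, rate: safeDivide(conversions, visitors, 0) * 100 };
}
```

Rejecting malformed input separately from the zero case keeps the two outcomes distinguishable: a caller can log or refuse bad requests while still treating "no visitors yet" as a normal result.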
