This guideline has not been reviewed recently and may be outdated. Please review it and comment to reflect any newly available information.
reinterpret_cast operator is the least secure of the C++ typecasting operators. C++2004 section 5.2.10, paragraph 3 says:
The mapping performed by reinterpret_cast is implementation-defined. Note: it might, or might not, produce a representation different from the original value.
That said, the usual action of
reinterpret_cast is to change the type, but leave the value unchanged.
Any class object may be accessed by a pointer to itself, or a pointer to one of its ancestor classes. If the object has multiple parents (or any of its parents have multiple parents), then a pointer to a base class might have a different value than a pointer to the object itself. As illustration, the following program:
has the following output, when compiled using G++ 4.3.2 on Linux 2.6.27-11:
dp is 0x7fffa40ee9b0
dp == b1p ? yes
b1p is 0x7fffa40ee9b0
dp == b2p ? yes
b2p is 0x7fffa40ee9b8
dp == dps ? yes
dps is 0x7fffa40ee9b0
dp == dpr ? no
dpr is 0x7fffa40ee9b8
Clearly the base pointer
b2p has a different value than the original
dp pointer it was initialized from, although they do compare equally. The
static_cast operator restores the original pointer value, but the
reinterpret_cast operator preserves the new pointer value, and is regarded as different from the original
Note that this rule uses
static_cast despite EXP13-CPP. Prefer dynamic_cast over static_cast over reinterpret_cast. While
dynamic_cast would be safer
static_cast is more illustrative for this example.
Improper casting can lead to programs that misinterpret data. If an attacker can manipulate this data, they may be able to execute arbitrary code.
|LDRA tool suite||9.7.1|