SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 51

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4.1 update

...

If adding or subtracting an integer to a pointer results in a reference to an element outside the array or one past the last element of the array object, the behavior is undefined but frequently leads to a buffer overflow or buffer underrun, which can often be exploited to run arbitrary code. Iterators and standard template library containers exhibit the same behavior and caveats as pointers and arrays.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CTR55-CPP

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

LDRA tool suite
Include Page
LDRA_V
LDRA_V

567 S

Enhanced Enforcement

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-CTR55-a

Do not add or subtract a constant with a value greater than one from an iterator

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding Standard ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
MITRE CWECWE 129, Unchecked Array Indexing

Bibliography

[Banahan 2003]Section 5.3, "Pointers"
Section 5.7, "Expressions Involving Pointers"
[ISO/IEC 14882-2014]

Subclause 5.7, "Additive Operators"
Subclause 24.2.1, "In General"

[VU#162289]
 

...



...