...
In this example, the value of value is determined based on which overload of test() is selected. The declaration of Inner *I allows use of the variable I within the decltype specifier, which results in a pointer of some (possibly void) type, with a default value of nullptr. However, if there is no declaration of Inner::foo(), the decltype specifier will be ill-formed, and that variant of test() will not be a candidate function for overload resolution due to SFINAE. The result is that the C-style variadic function variant of test() will be the only function in the candidate set. Both test() functions are declared, but never defined, because their definitions are not required for use within an unevaluated expression context.
Noncompliant Code Example
This noncompliant code example uses a C-style variadic function to add a series of integers together, until the value 0 is found. Calling this function without passing the value 0 as an argument results in undefined behavior. Further, passing any type other than an int also results in undefined behavior.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <cstdarg>
int Add(int First, int Second, ...) {
int R = First + Second;
va_list va;
va_start(va, First);
while (int V = va_arg(va, int)) {
R += V;
}
va_end(va);
return R;
}
|
Compliant Solution (Recursive pack expansion)
In this compliant solution, a variadic function using a function parameter pack is used to implement the Add() function, allowing identical behavior for call sites. Unlike the C-style variadic function used in the noncompliant code example, this compliant solution does not result in undefined behavior if the list of parameters is not terminated with 0. Additionally, if any of the values passed to the function are not an integer, it results in the code being ill-formed, instead of undefined behavior.
...
Note, this compliant solution makes use of std::enable_if to ensure that any non-integral argument values result in an ill-formed program.
Compliant Solution (Braced initializer list expansion)
An alternative compliant solution that does not require recursive expansion of the function parameter pack instead expands the function parameter pack into a list of values as part of a braced-init-list. Since narrowing conversions are not allowed in a braced-init-list, the type safety is preserved despite the std::enable_if not involving any of the variadic arguments.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <type_traits>
template <typename Arg, typename... Ts, typename std::enable_if<std::is_integral<Arg>::value>::type * = nullptr>
int Add(Arg I, Arg J, Ts... All) {
int Values[] = { J, All... };
int R = I;
for (auto V : Values) {
R += V;
}
return R;
} |
Risk Assessment
Incorrectly using a variadic function can result in abnormal program termination, unintended information disclosure, or execution of arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL31-CPP | High | Probable | Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
| 2012 |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
|
Bibliography
| [ISO/IEC 14882-2014] | 5.2.2, "Function call" 14.5.3, "Variadic templates" |
...