...
Do not use an invalidated reference, pointer, or iterator because doing so results in undefined behavior.
This This rule is a specific instance of CTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container.
...
This noncompliant code example copies input into a std::string, replacing semicolon (;) characters with spaces. This example is noncompliant because the iterator loc is invalidated after the first call to insert(). The behavior of subsequent calls to insert() is undefined.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <string>
void f(const std::string &input) {
std::string email;
std::string::iterator loc = email.begin();
// Copy input into email converting ";" to " "
for (auto I = input.begin(), E = input.end(); I != E; ++I, ++loc) {
email.insert(loc, *I != ';' ? *I : ' ');
}
} |
...
Using an invalid reference, pointer, or iterator to a string object could allow an attacker to run arbitrary code.
...