Comment: Edited by NavBot (jp)

...

Code Block
typedef char True;
typedef struct { char a[2]; } False;

template <typename T>
True isPtr(T *);

False isPtr(...);

#define is_ptr(e) (sizeof(isPtr(e)) == sizeof(True))

...

Code Block
#include <cstdarg>

char *concatenate(char const *s, ...)
    {
    // code to actually concatenate the strings
    }

char *separator = /* some reasonable value */;

char *t = concatenate("hello", separator, "world", NULL);

Calling this function without the trailing null pointer, or with an argument of any type other than "pointer to possibly-CV-qualified char", yields undefined behavior:

Code Block
char *u = concatenate("hello", separator, "world"); // undefined behavior

char *v = concatenate("hello", ' ', "world", NULL); // undefined behavior

...

Code Block
#include <string>

std::string separator = /* some reasonable value */;

std::string s = "hello" + separator + "world";
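
Where a multi-argument `concatenate` is still wanted, a C++11 variadic template gives the same call shape without the ellipsis, so the two undefined-behavior calls above become either harmless or compile-time errors. This is an added example, not part of the original rule text; `all_string_like` and `append_all` are hypothetical helper names, and only `concatenate` is taken from the page.

```cpp
#include <string>
#include <type_traits>

// True only when every type in the pack converts implicitly to std::string.
// An empty pack is trivially string-like.
template <typename... Ts>
struct all_string_like : std::true_type {};

template <typename T, typename... Rest>
struct all_string_like<T, Rest...>
    : std::integral_constant<bool,
          std::is_convertible<T, std::string>::value &&
          all_string_like<Rest...>::value> {};

// Base case: no arguments left, so no sentinel (NULL) is ever needed.
inline void append_all(std::string &) {}

// Recursive case: append one argument, then the rest of the pack.
template <typename T, typename... Rest>
void append_all(std::string &out, const T &first, const Rest &... rest) {
    const std::string &piece = first;  // same implicit conversion the trait checks
    out += piece;
    append_all(out, rest...);
}

// Type-safe replacement for the ellipsis-based concatenate().
// The compiler knows the number and type of every argument, so:
//  - forgetting a terminator is impossible (there is none), and
//  - passing ' ' (a char) is rejected at compile time by the static_assert
//    instead of being read back through va_arg as a pointer.
template <typename... Args>
std::string concatenate(const Args &... args) {
    static_assert(all_string_like<const Args &...>::value,
                  "concatenate: every argument must convert to std::string");
    std::string out;
    append_all(out, args...);
    return out;
}
```

With this definition, `concatenate("hello", ' ', "world")` fails to compile, and `concatenate("hello", separator, "world")` needs no trailing `NULL`.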

Risk Assessment

Incorrectly using a variadic function can result in abnormal program termination, unintended information disclosure, or execution of arbitrary code.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL33-C | 3 (high) | 2 (probable) | 3 (low) | P18 | L1 |

...
