...

Some template metaprogramming techniques that employ "substitution failure is not an error" (SFINAE) use variadic functions to implement compile-time type queries, as in:

...

Non-compliant Code Example

This example uses a variadic function to concatenate an arbitrary number of null-terminated character sequences (NTCS) into a single NTCS. Each call to the function must use a null pointer value to mark the end of the argument list.


#include <cstdarg>

char *concatenate(char const *s, ...)
    {
    // code to actually concatenate the strings
    }

char *separator = /* some reasonable value */;

char *t = concatenate("hello", separator, "world", NULL);

Calling this function without the trailing null pointer, or with an argument of any type other than "pointer to possibly-cv-qualified char", yields undefined behavior:


char *u = concatenate("hello", separator, "world"); // undefined behavior

char *v = concatenate("hello", ' ', "world", NULL); // undefined behavior

Compliant Solution

Rather than use a variadic function, you can use a chain of binary operations:


...


#include <string>

std::string separator = /* some reasonable value */;

std::string s = "hello" + separator + "world";
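
When a single call taking any number of strings is still wanted, a variadic template gives the compiler both the argument count and each argument's type. The following is an added example, not part of the original rule text, and it goes beyond the binary-operator chain shown above; the names is_text, append_one, append_all and concatenate_checked are hypothetical.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>
#include <type_traits>

// Added example; every name below is hypothetical, not from the original page.
// is_text<T> is true only for the argument types the variadic concatenate()
// expected: std::string, char arrays (string literals) and pointers to char.
template <typename T> struct is_text : std::false_type {};
template <> struct is_text<std::string> : std::true_type {};
template <> struct is_text<char *> : std::true_type {};
template <> struct is_text<char const *> : std::true_type {};
template <std::size_t N> struct is_text<char[N]> : std::true_type {};

// A null char pointer can only be detected at run time, so report it
// instead of dereferencing it.
inline void append_one(std::string &out, char const *s) {
    if (s == nullptr) throw std::invalid_argument("null string argument");
    out += s;
}
inline void append_one(std::string &out, std::string const &s) { out += s; }

// Recursion ends when the parameter pack is empty; no sentinel is needed.
inline void append_all(std::string &) {}

template <typename T, typename... Rest>
void append_all(std::string &out, T const &first, Rest const &... rest) {
    // A char, an int or NULL fails here at compile time instead of being
    // read back through va_arg as if it were a pointer.
    static_assert(is_text<T>::value,
                  "concatenate_checked: argument is not a string");
    append_one(out, first);
    append_all(out, rest...);
}

template <typename... Args>
std::string concatenate_checked(Args const &... args) {
    std::string out;
    append_all(out, args...);
    return out;
}
```

With this helper, the second call shown under the non-compliant example (a ' ' argument and a trailing NULL) no longer compiles, and the first needs no terminator at all.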

Risk Assessment

Incorrectly using a variadic function can result in abnormal program termination, unintended information disclosure, or execution of arbitrary code.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL33-C | 3 (high) | 2 (probable) | 3 (low) | P18 | L1 |

References

...