Comment: Add

...

```cpp
#include <iostream>

void f(char c) {
  char &const p = c;
  p = 'p';
  std::cout << c << std::endl;
}
```

Implementation Details

With Microsoft Visual Studio 2013, this code compiles successfully with a warning diagnostic (warning C4227: anachronism used : qualifiers on reference are ignored) and outputs:

...

```cpp
#include <iostream>

void f(char c) {
  const char &p = c;
  p = 'p'; // error, read-only variable is not assignable
  std::cout << c << std::endl;
}
```

Risk Assessment

const and volatile reference types may result in undefined behavior instead of a fatal diagnostic, causing unexpected values to be stored and leading to possible data integrity violations.
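The following is an added example, not part of the original rule text. It goes beyond the declaration shown above: when `const` reaches a reference through a typedef-name, the standard makes the declaration well-formed and ignores the qualifier, so the write is accepted, and a `static_assert` on the referenced type is one way to catch it at compile time. The names `CharRef`, `refers_to_const`, `write_through_alias`, `read_only_view` and `guarded_read` are assumptions made for this illustration.

```cpp
#include <iostream>
#include <type_traits>

// All names below (CharRef, refers_to_const, write_through_alias,
// read_only_view, guarded_read) are hypothetical, chosen for this example.

using CharRef = char &;  // typedef-name for a reference type

// True only when the *referenced* type is const-qualified.
template <typename T>
constexpr bool refers_to_const() {
  return std::is_const<typename std::remove_reference<T>::type>::value;
}

// A cv-qualifier applied to a reference through a typedef-name is
// well-formed and ignored: "const CharRef" is still plain "char &".
static_assert(std::is_same<const CharRef, char &>::value,
              "const on a typedef'd reference is dropped");
static_assert(!refers_to_const<const CharRef>(), "referent is still writable");
static_assert(refers_to_const<const char &>(), "referent is read-only");

// Looks read-only, but p is a plain char & and the write succeeds.
char write_through_alias(char c) {
  const CharRef p = c;
  p = 'p';
  return c;  // modified through p
}

// Qualifying the referenced type is what makes the referent read-only.
char read_only_view(char c) {
  const char &p = c;
  // p = 'p';  // would not compile: p refers to const char
  return p;  // unchanged
}

// Compile-time guard: reject any reference type that still permits writes.
template <typename Ref>
char guarded_read(Ref r) {
  static_assert(refers_to_const<Ref>(), "Ref must refer to a const type");
  return r;
}

int main() {
  char c = 'a';
  std::cout << write_through_alias('a') << read_only_view('a')
            << guarded_read<const char &>(c) << '\n';
}
```

Instantiating `guarded_read<const CharRef>` fails the `static_assert`, which turns the silently ignored qualifier into a build error.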

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| PRQA QA-C++ | | 14 | |
| Clang | | | |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

[ISO/IEC 14882-2014] 8.3.2, "References"
[Dewhurst 02] Gotcha #5, "Misunderstanding References"