...
Strangely, it's not illegal to apply a `const` or `volatile` qualifier to a type name that is of reference type. Rather than cause an error, the qualifier...can be ignored.
Noncompliant Code Example
```cpp
char c = 'c';
char &const p = c;  // const is applied to the reference itself, not to char
p = 'p';
cout << c << endl;
```
Implementation Details
On Microsoft Visual C++, this code compiles without incident and outputs:
...
```
: error: 'const' qualifiers cannot be applied to 'char&'
```
Compliant Solution
If constant access is required, instead of using a const reference, one can use a const pointer:
```cpp
char c = 'c';
const char *const p = &c;  // const pointer to const char, bound to c
*p = 'p'; // causes compiler error
cout << c << endl;
```
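Compilers that issue the error shown above reject `char &const p` outright, but the qualifier is silently ignored when it reaches the reference type through a typedef or a template type argument. The following added example (not from the original page; `CharRef`, `overwrite` and the function names are constructed for illustration) shows writes going through such a "const" reference, next to a reference to `const char`, where the qualifier is enforced.

```cpp
#include <type_traits>

// Constructed names for illustration; none come from the original page.
typedef char &CharRef;

// The const applied to the reference type through the typedef is ignored:
// 'const CharRef' is plain 'char &', not 'const char &'.
static_assert(std::is_same<const CharRef, char &>::value,
              "const on a reference typedef is dropped");
static_assert(!std::is_same<const CharRef, const char &>::value,
              "it does not become a reference to const");

// Same effect through a template type argument: with T = char &,
// the parameter type 'const T' collapses to 'char &'.
template <typename T>
void overwrite(const T target, char value) {
    target = value;  // compiles for T = char & because const was ignored
}

// Looks read-only at the declaration, yet the write goes through.
char write_through_typedef() {
    char c = 'c';
    const CharRef r = c;
    r = 'p';
    return c;  // 'p'
}

char write_through_template() {
    char c = 'c';
    overwrite<char &>(c, 'q');
    return c;  // 'q'
}

// The qualifier must sit on the referenced type to be enforced.
char read_only_view() {
    char c = 'c';
    const char &r = c;
    // r = 'p';  // rejected by the compiler: r refers to a const char
    static_assert(
        std::is_const<std::remove_reference<decltype(r)>::type>::value,
        "referenced type is const");
    return r;  // 'c'
}
```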
Risk Assessment
A `const` or `volatile` qualifier applied to a reference may be freely ignored by the compiler, causing unexpected values to be stored and leading to possible data integrity violations.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL33-CPP | low | unlikely | medium | P2 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...