Comment: REM Cost Reform

...

Padding bits are implementation-defined, so the layout of the class object may differ between compilers or architectures. When compiled with GCC 5.3.0 for x86-32, the test object requires 96 bytes of storage to accommodate 29 bytes of data (33 bytes including the vtable) and has the following layout.

Offset (bytes (bits))   Storage Size (bytes (bits))   Reason
0                       4 (32)                        vtable pointer
4 (32)                  28 (224)                      data member alignment padding
32 (256)                8 (64)                        double h
40 (320)                1 (8)                         char i
41 (328)                3 (24)                        data member alignment padding
44 (352)                4 (32)                        unsigned j : 80
48 (384)                6 (48)                        extended bit-field size padding
54 (432)                2 (16)                        alignment padding
56 (448)                4 (32)                        unsigned k
60 (480)                0 (4)                         unsigned l : 4
60 (484)                0 (3)                         unsigned short m : 3
60 (487)                0 (1)                         unused bit-field bits
61 (488)                1 (8)                         char n
62 (496)                2 (16)                        data member alignment padding
64 (512)                8 (64)                        double o
72 (576)                24 (192)                      class alignment padding

Compliant Solution

Due to the complexity of the data structure, this compliant solution serializes the object data before copying it to an untrusted context instead of attempting to account for all of the padding bytes manually.
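The contrast between copying the whole object and serializing its members, as an added example that is not the rule's own code. It uses a constructed class with ordinary alignment padding (not the vtable and bit-field class whose layout is tabulated above), and the marker byte 0xAA stands in for stale stack contents; the exact number of padding bytes depends on the target ABI.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <new>
#include <vector>

// Constructed example class: alignment padding follows 'tag' and 'id'.
struct Record {
    char tag;
    double value;
    std::uint16_t id;
    Record(char t, double v, std::uint16_t i) : tag(t), value(v), id(i) {}
};

// Size of the member values alone; the rest of sizeof(Record) is padding.
constexpr std::size_t kPayloadBytes =
    sizeof(char) + sizeof(double) + sizeof(std::uint16_t);

// Noncompliant: copies the whole object, padding bytes included.
std::vector<unsigned char> copy_raw(const Record& r) {
    std::vector<unsigned char> out(sizeof(Record));
    std::memcpy(out.data(), &r, sizeof(Record));
    return out;
}

// Compliant: serialize each data member, so only member values leave the object.
std::vector<unsigned char> serialize(const Record& r) {
    std::vector<unsigned char> out;
    auto put = [&out](const void* p, std::size_t n) {
        const auto* b = static_cast<const unsigned char*>(p);
        out.insert(out.end(), b, b + n);
    };
    put(&r.tag, sizeof r.tag);
    put(&r.value, sizeof r.value);
    put(&r.id, sizeof r.id);
    return out;
}

// Build a Record in storage pre-filled with a marker byte (standing in for
// stale stack contents) and count marker bytes surviving in each kind of copy.
// The member values chosen contain no 0xAA byte, so any 0xAA found is padding.
std::size_t marker_bytes(bool raw) {
    alignas(Record) unsigned char storage[sizeof(Record)];
    std::memset(storage, 0xAA, sizeof storage);
    Record* r = new (storage) Record('x', 1.5, 7);
    std::vector<unsigned char> bytes = raw ? copy_raw(*r) : serialize(*r);
    const unsigned char marker = 0xAA;
    return static_cast<std::size_t>(std::count(bytes.begin(), bytes.end(), marker));
}
```

The serialized copy is always kPayloadBytes long and never contains the marker; the raw copy is sizeof(Record) long and carries whatever the padding held.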

...

Padding bits might inadvertently contain sensitive data such as pointers to kernel data structures or passwords. A pointer to such a structure could be passed to other functions, causing information leakage.

Rule        Severity   Likelihood   Detectable   Remediation Cost   Repairable   Priority   Level
DCL55-CPP   Low        Unlikely     No           High               Yes          P1 / P2    L3

The two compared versions differ only in the Priority cell (P1 in one, P2 in the other).

Automated Detection

Tool                    Checker                    Description
Axivion Bauhaus Suite   CertC++-DCL55
CodeSonar               MISC.PADDING.POTB          Padding Passed Across a Trust Boundary
Helix QAC               DF4941, DF4942, DF4943
Parasoft C/C++test      CERT_CPP-DCL55-a           A pointer to a structure should not be passed to a function that can copy data to the user space
Polyspace Bug Finder    CERT C++: DCL55-CPP        Checks for information leakage due to structure padding (rule partially covered)

Related Vulnerabilities

Numerous vulnerabilities in the Linux Kernel have resulted from violations of this rule.

CVE-2010-4083 describes a vulnerability in which the semctl() system call allows unprivileged users to read uninitialized kernel stack memory because various fields of a semid_ds struct declared on the stack are not altered or zeroed before being copied back to the user.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 14882-2014]

Subclause 8.5, "Initializers"
Subclause 9.2, "Class Members"
Subclause 9.6, "Bit-fields"

...