SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 19

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Padding bits might inadvertently contain sensitive data such as pointers to kernel data structures or passwords. A pointer to such a structure could be passed to other functions, causing information leakage.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

DCL55-CPP

Low

Unlikely

No

HighYes

P1P2

L3

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC++-DCL55
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

MISC.PADDING.POTB

Padding Passed Across a Trust Boundary

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4941, DF4942, DF4943
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-DCL55-a

A pointer to a structure should not be passed to a function that can copy data to the user space

Helix QACPolyspace Bug Finder

Include Page
Helix QACPolyspace Bug Finder_VHelix QAC_V
Polyspace Bug Finder_V

CERT C++: DCL55-CPPChecks for information leakage due to structure padding (rule partially covered)

Related Vulnerabilities

Numerous vulnerabilities in the Linux Kernel have resulted from violations of this rule. 

...

SEI CERT C Coding Standard DCL39-C. Avoid information leakage when passing a structure across a trust boundary 

Bibliography

[ISO/IEC 14882-2014]

Subclause 8.5, "Initializers"
Subclause 9.2, "Class Members"
Subclause 9.6, "Bit-fields"

...