...
The effects of accessing bits of an object representation that are not part of the object's value representation can range from implementation-defined behavior (such as assuming the layout of fields with differing access controls) to code execution vulnerabilities (such as overwriting the vtable pointer).
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
EXP62-CPP | High | Probable | Yes | HighNo | P6P12 | L2L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| invalid_pointer_dereference uninitialized_variable_use | |||||||
| CodeSonar |
| BADFUNC.MEMCMP BADFUNC.MEMSET | Use of memcmp Use of memset | ||||||
| Helix QAC |
| DF4726, DF4727, DF4728, DF4729, DF4731, DF4732, DF4733, DF4734 | |||||||
| Klocwork |
| CERT.MEMCMP.PADDED_DATA CWARN.MEM.NONPOD | |||||||
| LDRA tool suite |
| 618 S | Partially implemented | ||||||
| Parasoft C/C++test |
| CERT_CPP-EXP62-a | Do not compare objects of a class that may contain padding bits with C standard library functions | ||||||
| Polyspace Bug Finder |
| CERT C++: EXP62-CPP | Checks for access attempts on padding and vtable bits (rule fully covered). | ||||||
| PVS-Studio |
| V598, V780, V1084 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | OOP57-CPP. Prefer special member functions and overloaded operators to C Standard Library functions |
...
| [ISO/IEC 14882-2014] | Subclause 3.9, "Types" Subclause 3.10, "Lvalues and Rvalues" Clause 9, "Classes" |
...