...
Further, the C++ Standard, [expr.mptr.oper], paragraph 6, in part, states the following:
If the second operand is the null pointer to member value, the behavior is undefined.
Do not use a pointer-to-member expression where the dynamic type of the first operand does not contain the member to which the second operand refers, including the use of a null pointer-to-member value as the second operand.
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
struct B {
virtual ~B() = default;
};
struct D : B {
virtual ~D() = default;
virtual void g() { /* ... */ }
};
static void (D::*gptr)() = &D::g; // Explicitly initialized.
void call_memptr(D *ptr) {
(ptr->*gptr)();
}
void f() {
D *d = new D;
call_memptr(d);
delete d;
} |
Risk Assessment
Rule | Severity | Likelihood |
|---|
Detectable | Repairable | Priority | Level |
|---|---|---|---|
OOP55-CPP | High | Probable | No |
No | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| overflow_upon_dereference invalid_function_pointer | |||||||
| Axivion Bauhaus Suite |
| CertC++-OOP55 | |||||||
| CodeSonar |
| LANG.MEM.UVAR | Uninitialized Variable | ||||||
| Helix QAC |
| DF2810, DF2811, DF2812, DF2813, DF2814 | |||||||
| Klocwork |
| CERT.OOP.PTR_MEMBER.NO_MEMBER | |||||||
| Parasoft C/C++test |
| CERT_CPP-OOP55-a | A cast shall not convert a pointer to a function to any other pointer type, including a pointer to function type | |||||||
| Parasoft Insure++ |
| Runtime detection | |||||||||
| Polyspace Bug Finder |
| CERT C++: OOP55-CPP | Checks for pointers to member accessing non-existent class members (rule fully covered). |
Related Vulnerabilities
Search for other vulnerabilities resulting from the violation of this rule on the CERT website.
...
This rule is a subset of EXP34-C. Do not dereference null pointers.
Bibliography
| [ISO/IEC 14882-2014] | Subclause 5.5, "Pointer-to-Member Operators" |
...
...