SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

If two operands p and q compare equal, p<=q and p>=q both yield true and p<q and p>q both yield false. Otherwise, if a pointer p compares greater than a pointer q, p>=q, p>q, q<=p, and q<p all yield true and p<=q, p<q, q>=p, and q>p all yield false. Otherwise, the result of each of the operators is unspecified.

Page properties
hiddentrue

The "Thus" statement below is incomplete. What is required to make such a statement is p3, which is a total mess because it doesn't say WHAT should happen when two pointers not of the same container are compared. The assumption is that this is what causes us to fall into the final "otherwise" clause of p4, but I think a core issue may be in order. Once that is resolved, we can update this section accordingly.

...

Code Block
bgColor#ccccff
langcpp
#include <iostream>
 
template <typename Ty>
bool in_range(const Ty *test, const Ty *r, size_t n) {
  auto *cur = reinterpret_cast<const unsigned char *>(r);
  auto *end = reinterpret_cast<const unsigned char *>(r + n);
  auto *testPtr = reinterpret_cast<const unsigned char *>(test);
 
  for (; cur != end; ++cur) {
    if (cur == testPtr) {
      return true;
    }
  }
  return false;
}
 
void f() {
  double foo[10];
  double *x = &foo[0];
  double bar;
  std::cout << std::boolalpha << in_range(&bar, x, 10);
}

Risk Assessment

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

CTR54-CPP

Medium

Probable

No

Medium

No

P8

P4

L2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

invalid_pointer_subtraction
invalid_pointer_comparison

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.CUP
LANG.STRUCT.SUP

Comparison of Unrelated Pointers
Subtraction of Unrelated Pointers

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF2668, DF2761, DF2762, DF2763, DF2766, DF2767, DF2768


LDRA tool suite
Include Page
LDRA_V
LDRA_V

70 S, 87 S, 437 S, 438 S

Enhanced Enforcement

PRQA QA-
Parasoft C/C++test

Include Page

PRQA QA-C++_vPRQA QA-C++_v

2761, 2762, 2763,   
2766, 2767, 2768,
2771, 2772, 2773

 

Parasoft_V
Parasoft_V

CERT_CPP-CTR54-a
CERT_CPP-CTR54-b
CERT_CPP-CTR54-c

Do not compare iterators from different containers
Do not compare two unrelated pointers
Do not subtract two pointers that do not address elements of the same array

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: CTR54-CPPChecks for subtraction or comparison between iterators from different containers (rule partially covered).

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding StandardARR36-C. Do not subtract or compare two pointers that do not refer to the same array
MITRE CWECWE-469, Use of Pointer Subtraction to Determine Size

Bibliography

[Banahan 2003]Section 5.3, "Pointers"
Section 5.7, "Expressions Involving Pointers" 
[ISO/IEC 14882-2014]

Subclause 5.7, "Additive Operators"
Subclause 5.9, "Relational Operators"
Subclause 20.9.5, "Comparisons"

...


...