SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 66

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Using arrays polymorphically can result in memory corruption, which could lead to an attacker being able to execute arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

CTR56-CPP

High

Likely

No

High

No

P9

L2

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC++-CTR56
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.STRUCT.PARITH

Pointer Arithmetic

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++3073
Parasoft C/C++test
9.5PB-10, STL-02  
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-CTR56-a
CERT_CPP-CTR56-b
CERT_CPP-CTR56-c

Don't treat arrays polymorphically
A pointer to an array of derived class objects should not be converted to a base class pointer
Do not treat arrays polymorphically

LDRA tool suite
Include Page
LDRA_V
LDRA_V

567 S

Enhanced Enforcement

 PRQA QA-

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: CTR56-CPPChecks for pointer arithmetic on polymorphic object (rule fully covered)
PVS-Studio

Include Page

PRQA QA-C++

PVS-Studio_V

PRQA QA-C++ 

PVS-Studio_V

3072, 3073
V777

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding StandardARR39-C. Do not add or subtract a scaled integer to a pointer

Bibliography

[ISO/IEC 14882-2014]

Subclause 5.7, "Additive Operators"
Subclause 5.2.1, "Subscripting" 

[Lockheed Martin
05
2005]AV Rule 96, "Arrays shall not be treated polymorphically"
[Meyers
96
1996]Item 3, "Never Treat Arrays Polymorphically"
[Stroustrup
06
2006]"What's Wrong with Arrays?"
[Sutter
04
2004]Item 100, "Don't Treat Arrays Polymorphically"

...


...

Image Modified Image Modified Image Modified