SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 68

changes.mady.by.user Svyatoslav Razmyslov

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

Using an invalid iterator range is similar to allowing a buffer overflow, which can lead to an attacker running arbitrary code.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

CTR53-CPP

High

Probable

No

NoHigh

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

overflow_upon_dereference

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO

Buffer Overrun

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++3802
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
STL-36

CERT_CPP-CTR53-a
CERT_CPP-CTR53-b

Do not use an iterator range that isn't really a range
Do not compare iterators from different containers

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: CTR53-CPPChecks for invalid iterator range (rule partially covered).
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

PRQA QA-C4.1 3802 PRQA QA-C++
Include Page
PRQA QA-C++_VPRQA QA-C++_V3802 PVS-Studio6.22

V539, V662, V789General analysis rule set

Related Vulnerabilities

In Fun with erase(), Chris Rohlf discusses the exploit potential of a program that calls vector::erase() with invalid iterator ranges [Rohlf 2009].

...