Page History

...

Using arrays polymorphically can result in memory corruption, which could lead to an attacker being able to execute arbitrary code.

Rule	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
CTR56-CPP	High	Likely

High

No

P9

L2

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC++-CTR56

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.STRUCT.PARITH

Pointer Arithmetic

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++3073

Parasoft C/C++test

Include Page

cplusplus:

	Parasoft_V

cplusplus:

	Parasoft_V

PB-10, STL-02

CERT_CPP-CTR56-a
CERT_CPP-CTR56-b
CERT_CPP-CTR56-c

Don't treat arrays polymorphically
A pointer to an array of derived class objects should not be converted to a base class pointer
Do not treat arrays polymorphically

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

567 S

Enhanced Enforcement

PRQA QA-

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: CTR56-CPP

Checks for pointer arithmetic on polymorphic object (rule fully covered)

PVS-Studio

Include Page

PRQA QA-C++

	PVS-Studio_V

PRQA QA-C++

	PVS-Studio_V

3073

V777

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding Standard

ARR39-C. Do not add or subtract a scaled integer to a pointer

Bibliography

[ISO/IEC 14882-2014]	Subclause 5.7, "Additive Operators" Subclause 5.2.1, "Subscripting"
[Lockheed Martin 2005]	AV Rule 96, "Arrays shall not be treated polymorphically"
[Meyers 1996]	Item 3, "Never Treat Arrays Polymorphically"
[Stroustrup 2006]	"What's Wrong with Arrays?"
[Sutter 2004]	Item 100, "Don't Treat Arrays Polymorphically"

...

Space shortcuts

Page tree

Versions Compared

Old Version 71

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography