SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 11

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 12

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

LocationBefore (with error)After (with correction)Rationale
p. 9, Section 1.5

Except where noted, the contents of the CERT C Coding Standard apply equally to code written in C++. Content from the CERT C Coding Standard that apply to the CERT C++ Coding Standard are described in each related chapter of the C++ standard.

The following guidelines from the CERT C Coding Standard do not apply to the CERT C++ Secure Coding Standard:

Rules from the CERT C Coding Standard that apply to the CERT C++ Coding Standard are described in each related chapter of the C++ standard. The POSIX (POS) and Microsoft Windows (WIN) rules from the CERT C Coding Standard have not been reviewed for applicability to code written in C++ for those platforms.

Recommendations from the CERT C Coding Standard have not been reviewed for applicability to code written in C++.

The following rules from the CERT C Coding Standard have been reviewed and do not apply to the CERT C++ Secure Coding Standard:

Added more specificity about which parts of the CERT C Coding Standard have been reviewed for applicability. Removed the general statement about "Except where noted...".  Added specificity about recommendations and rules.
p. 149, Section 3.14.1void g(std::string &&v) {void g(std::string v) {The rvalue reference "&&" was incorrect
p. 150, Section 3.14.2void g(std::string &&v) {void g(std::string v) {The rvalue reference "&&" was incorrect
p. 247, Section 7.5.6

To verify that the assumption is, in fact, safe, the compliant
solution also overloads the placement new[] operator to accept the buffer size as a third
argument and verifies that it is at least as large as the total amount of storage required.

To verify that the assumption is, in fact, safe, the compliant
solution also overloads the placement new[] operator to accept the buffer size as a third
argument and verifies that it is not smaller than the total amount of storage required.

Corrected the inequality.
p 247, Section 7.5.6

void *operator new[](size_t n, void *p, size_t bufsize) {
if (n <= bufsize) {

void *operator new[](size_t n, void *p, size_t bufsize) {
if (n > bufsize) {

Corrected the inequality.
p 247, Section 7.5.6

void f() {
const size_t n = 32;
alignas(S) unsigned char buffer[sizeof(S) * n + overhead];
S *sp = new (buffer, sizeof(buffer)) S[n];

void f() {
const size_t n = 32;
alignas(S) unsigned char buffer[sizeof(S) * n + overhead];
S *sp = ::new (buffer, sizeof(buffer)) S[n];

Explicitly use the global new operator
p. 320, Section 10.1

Virtual functions allow for static dispatch of member function calls at runtime based on the
dynamic type of the object that the member function is being called on.

Virtual functions allow for the choice of member function calls to be determined at run time based on the dynamic type of the object that the member function is being called on.Sentence is now clearer.
p. 334, Section 10.3Section 10.3.4 is 'Risk Assessment'

New section inserted, Exceptions, with a new exception OOP52-CPP:EX0. (See OOP52-CPP for section contents)

The exception was deemed necessary to permit safe code that violated the letter of the rule.
p. 339, Section 10.4.5Section 10.4.5 is 'Risk Assessment'New section inserted, Exceptions, with a new exception OOP53-CPP:EX0. (See OOP53-CPP for section contentsThe exception was deemed necessary to permit safe code that violated the letter of the rule.