...
If adding or subtracting an integer to a pointer results in a reference to an element outside the array or one past the last element of the array object, the behavior is undefined but frequently leads to a buffer overflow or buffer underrun, which can often be exploited to run arbitrary code. Iterators and standard template library containers exhibit the same behavior and caveats as pointers and arrays.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
CTR55-CPP | High | Likely | No | NoMedium | P18P9 | L1L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Helix QAC |
| DF3526, DF3527, DF3528, DF3529, DF3530, DF3531, DF3532, DF3533, DF3534 | |||||||
| Klocwork |
| ITER.ADVANCE.NONADJACENT | |||||||
| LDRA tool suite |
| 567 S | Enhanced Enforcement | ||||||
| Parasoft C/C++test |
| CERT_CPP-CTR55-a | Do not add or subtract a constant with a value greater than one from an iterator | ||||||
| Polyspace Bug Finder |
| CERT C++: CTR55-CPP | Checks for possible iterator overflows (rule partially covered). |
...