C++ does not allow you to change the value of a reference type, effectively treating all references as being const qualified. The C++ Standard, [dcl.ref] paragraph 1 [ISO/IEC 14882-2014], states:
Cv-qualified references are ill-formed except when the cv-qualifiers are introduced through the use of a typedef-name (7.1.3, 14.1) or decltype-specifier (7.1.6.2), in which case the cv-qualifiers are ignored.
Thus, C++ prohibits or ignores the cv-qualification of a reference type. Only a value of reference type may be cv-qualified.
When attempting to const-qualify a value of reference type, a programmer may accidentally write:
char &const p;
instead of:
char const &p; // or: const char &p;
Do not attempt to cv-qualify a reference type as it can result in undefined behavior. A conforming compiler is required to issue a diagnostic message. However, if the compiler does not emit a fatal diagnostic, the program may produce surprising results, such as allowing the character referenced by p to be mutated.
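The "ignored" case in the quoted [dcl.ref] text is the one no compiler rejects, so it is worth seeing in code. The following is an added example, not part of the original rule text; the names CharRef, NaiveConst, ConstRef and the three functions are hypothetical. It shows const being silently dropped when applied through an alias, a template parameter or decltype, next to a form that qualifies the referent instead.

```cpp
#include <type_traits>

// Hypothetical alias for a reference type (illustration only).
using CharRef = char &;

// const applied through a typedef-name is ignored: the type is still char &.
static_assert(std::is_same<const CharRef, char &>::value,
              "const on an alias of a reference type is dropped");

// The same happens through a template type parameter.
template <typename T>
struct NaiveConst { using type = const T; };
static_assert(std::is_same<NaiveConst<char &>::type, char &>::value,
              "const T with T = char & is still char &");

// Qualify the referent instead: strip the reference, add const, re-add it.
template <typename T>
struct ConstRef {
  using type = const typename std::remove_reference<T>::type &;
};
static_assert(std::is_same<ConstRef<char &>::type, const char &>::value,
              "ConstRef yields a reference to const char");

// Compiles without error: p is a plain char &, so the write goes through.
char write_through_alias(char c) {
  const CharRef p = c;
  p = 'p';
  return c;  // 'p'
}

// The decltype-specifier case from the quoted paragraph behaves the same way.
char write_through_decltype(char c) {
  const decltype((c)) p = c;  // decltype((c)) is char &
  p = 'q';
  return c;  // 'q'
}

// Here p is const char &; an assignment such as p = 'p' would not compile.
char read_through_const_ref(char c) {
  ConstRef<CharRef>::type p = c;
  return p;
}
```

Some compilers emit a non-fatal warning for the ignored qualifier in the first two functions; the code is well-formed either way.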
Noncompliant Code Example
In this noncompliant code example, a const-qualified reference to a char is formed instead of a reference to a const-qualified char, resulting in undefined behavior:
```cpp
#include <iostream>

void f(char c) {
  char &const p = c;
  p = 'p';
  std::cout << c << std::endl;
}
```
Implementation Details
With Microsoft Visual Studio 2013, this code compiles successfully with a warning diagnostic (warning C4227: anachronism used : qualifiers on reference are ignored) and outputs:
p
With Clang 3.5, this code produces a fatal diagnostic:
error: 'const' qualifier may not be applied to a reference
Compliant Solution
This compliant solution assumes the programmer intended for the previous example to fail to compile due to attempting to modify a const-qualified char reference:
```cpp
#include <iostream>

void f(char c) {
  const char &p = c;
  p = 'p'; // error, read-only variable is not assignable
  std::cout << c << std::endl;
}
```
Risk Assessment
const and volatile reference types may result in undefined behavior instead of a fatal diagnostic, causing unexpected values to be stored and leading to possible data integrity violations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL33-CPP | low | unlikely | low | P1 | L3 |
Automated Detection
Tool | Version | Checker | Description |
4.4 | 14 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[ISO/IEC 14882-2014] | 8.3.2, "References" |
[Dewhurst 02] | Gotcha #5, "Misunderstanding References" |