SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 67

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 68

changes.mady.by.user Svyatoslav Razmyslov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Using an invalid iterator range is similar to allowing a buffer overflow, which can lead to an attacker running arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CTR53-CPP

High

Probable

High

P6

L2

Automated Detection

Tool

Version

Checker

Description

Parasoft C/C++test
Include Page
cplusplus:
Parasoft_V
cplusplus:
Parasoft_V
STL-36
  PRQA

PRQA QA-C4.1 3802 
 

PRQA QA-C++
Include Page
PRQA QA-C++_V
PRQA QA-C++_V
3802 

PVS-Studio6.22V539, V662, V789General analysis rule set
 

Related Vulnerabilities

In Fun with erase(), Chris Rohlf discusses the exploit potential of a program that calls vector::erase() with invalid iterator ranges [Rohlf 2009].

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardCTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container
CTR57-CPP. Provide a valid ordering predicate

Bibliography

[ISO/IEC 14882-2014]

Clause 24, "Iterators Library"
Subclause 25.3, "Mutating Sequence Operations" 

[Meyers 2001]Item 32, "Follow Remove-Like Algorithms with erase If You Really Want to Remove Something"

...


...