SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 67

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 68

changes.mady.by.user Svyatoslav Razmyslov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP54-CPP

High

Probable

High

P6

L2

Automated Detection

Tool

Version

Checker

Description

Clang
Include Page
Clang_V
Clang_V

-Wdangling-initializer-list

Catches some lifetime issues related to incorrect use of std::initializer_list<>
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.UAC
ALLOC.UAF

Use after close
Use after free
Klocwork
Include Page
Klocwork_V
Klocwork_V

CL.FFM.ASSIGN
CL.FFM.COPY
LOCRET.ARG
LOCRET.GLOB
LOCRET.RET
UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST
UNINIT.HEAP.MIGHT
UNINIT.HEAP.MUST
UNINIT.STACK.ARRAY.MIGHT
UNINIT.STACK.ARRAY.MUST
UNINIT.STACK.ARRAY.PARTIAL.MUST
UNINIT.STACK.MIGHT
UNINIT.STACK.MUST

 

LDRA tool suite
Include Page
LDRA_V
LDRA_V

42 D, 53 D, 77 D, 1 J, 71 S, 565 S

Partially implemented

Parasoft C/C++test
Include Page
cplusplus:
Parasoft_V
cplusplus:
Parasoft_V
BD-RES-FREE
 

Parasoft Insure++
  


Runtime detection
 
PRQA QA-C++9.1 2812, 2813, 2814, 2930, 2931, 2932, 2933, 2934, 4003, 4026
 

PVS-Studio6.22V758General analysis rule

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding Standard

DCL30-C. Declare objects with appropriate storage durations

Bibliography

[Coverity 2007]
 

[ISO/IEC 14882-2014]Subclause 3.8, "Object Lifetime"
Subclause 8.5.4, "List-Initialization"
 
 


...