...
Using arrays polymorphically can result in memory corruption, which could lead to an attacker being able to execute arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
CTR56-CPP | High | Likely | High | P9 | L2 |
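Why polymorphic array use corrupts memory, shown as an added example that is not code from the original page: pointer arithmetic on a `B*` advances by `sizeof(B)`, while the elements of a `D[]` are `sizeof(D)` apart. The types `B` and `D` and all function names are hypothetical; the offsets are computed without performing the undefined access, and the compliant form stores pointers instead of objects.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <memory>
#include <utility>
#include <vector>

// Hypothetical types for illustration (not from the original page).
struct B {
    virtual ~B() = default;
    virtual int value() const { return i; }
    int i = 0;
};
struct D : B {
    int value() const override { return i + j; }
    int j = 0;
    long pad[4] = {};  // extra state so that sizeof(D) > sizeof(B)
};

// Byte offset that (B*)arr + n resolves to: the stride is sizeof(B).
constexpr std::size_t base_stride_offset(std::size_t n) { return n * sizeof(B); }

// Byte offset at which element n of a D[] really begins.
std::size_t real_offset(const D* arr, std::size_t n) {
    return reinterpret_cast<std::uintptr_t>(arr + n) -
           reinterpret_cast<std::uintptr_t>(arr);
}

// True when indexing the D[] through a B* would land inside an object
// rather than on the start of element n.
bool misaligned_access(const D* arr, std::size_t n) {
    return n != 0 && base_stride_offset(n) != real_offset(arr, n);
}

// Compliant form: a container of pointers has a uniform element size,
// so iteration is correct whatever the dynamic type of each object.
int sum_values(const std::vector<std::unique_ptr<B>>& items) {
    int total = 0;
    for (const auto& p : items) total += p->value();
    return total;
}

int demo_sum() {  // constructed sample data: three D objects
    std::vector<std::unique_ptr<B>> items;
    for (int k = 1; k <= 3; ++k) {
        auto d = std::make_unique<D>();
        d->i = k; d->j = 10 * k;
        items.push_back(std::move(d));
    }
    return sum_values(items);
}

int main() { D a[2]; std::cout << misaligned_access(a, 1) << ' ' << demo_sum() << '\n'; }
```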
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Parasoft C/C++test | | PB-10, STL-02 | |
LDRA tool suite | | 567 S | Enhanced Enforcement |
PRQA QA-C++ | | 3073 | |
PVS-Studio | 6.22 | V777 | General analysis rule |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 14882-2014] | Subclause 5.7, "Additive Operators" |
[Lockheed Martin 2005] | AV Rule 96, "Arrays shall not be treated polymorphically" |
[Meyers 1996] | Item 3, "Never Treat Arrays Polymorphically" |
[Stroustrup 2006] | "What's Wrong with Arrays?" |
[Sutter 2004] | Item 100, "Don't Treat Arrays Polymorphically" |
...
...