Comment: axivion bauhaus

...

enum EnumType {
  First,
  Second,
  Third
};

void f(int intVar) {
  // Reject values that do not correspond to an enumerator before converting.
  if (intVar < First || intVar > Third) {
    // Handle error
  }
  EnumType enumVar = static_cast<EnumType>(intVar);
}

 


Compliant Solution (Scoped Enumeration)

...

It is possible for unspecified values to result in a buffer overflow, leading to the execution of arbitrary code by an attacker. However, because enumerators are rarely used for indexing into arrays or other forms of pointer arithmetic, it is more likely that this scenario will result in data integrity violations rather than arbitrary code execution.
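The array-indexing scenario described above, as an added example that is not part of the CERT rule text. It reuses the page's `EnumType` and range check; `toEnumType`, `nameFor` and `kNames` are hypothetical names, and the sample inputs are constructed.

```cpp
#include <cstddef>
#include <cstdio>

// Same enumeration as the page's compliant solution.
enum EnumType { First, Second, Third };

// Constructed lookup table with one entry per enumerator. Indexing it is the
// array-indexing use in which an unchecked value would read out of bounds.
static const char* const kNames[] = {"first", "second", "third"};
static const std::size_t kNameCount = sizeof(kNames) / sizeof(kNames[0]);

// Hypothetical helper: applies the page's range check and casts only when
// intVar corresponds to an enumerator. On failure *out is left untouched.
bool toEnumType(int intVar, EnumType* out) {
  if (intVar < First || intVar > Third) {
    return false;  // rejected before any static_cast happens
  }
  *out = static_cast<EnumType>(intVar);
  return true;
}

// Hypothetical caller: untrusted integer in, table entry or "invalid" out.
const char* nameFor(int untrusted) {
  EnumType e = First;
  if (!toEnumType(untrusted, &e)) {
    return "invalid";  // error path never touches the table
  }
  // Second check: bound the index against the table itself, in case an
  // enumerator is added later without a matching table entry.
  const std::size_t idx = static_cast<std::size_t>(e);
  return idx < kNameCount ? kNames[idx] : "invalid";
}

int main() {
  // Constructed inputs: two valid values and two outside the enumerator range.
  const int samples[] = {0, 2, 3, -1};
  for (int s : samples) {
    std::printf("%d -> %s\n", s, nameFor(s));
  }
  return 0;
}
```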

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| INT50-CPP | Medium | Unlikely | Medium | P4 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | | CertC++-INT50 | |
| PRQA QA-C++ | 4.1 | 2910, 2911, 2912, 2913 | |
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Becker 2009] Section 7.2, "Enumeration Declarations"
[ISO/IEC 14882-2014] Subclause 5.2.9, "Static Cast"; Subclause 7.2, "Enumeration Declarations"

...


...