SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 60

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 61

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4.1 update

...

Recursively reentering a function during the initialization of one of its static objects can result in an attacker being able to cause a crash or denial of service. Indeterminately ordered dynamic initialization can lead to undefined behavior due to accessing an uninitialized object.

RuleSeverityLikelihoodRemediation CostPriorityLevel
DCL56-CPPLowUnlikelyMediumP2L3

Automated Detection

Tool
Version
Checker
Description
LDRA tool suite
Include Page
LDRA_V
LDRA_V

6 D

Enhanced Enforcement

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-DCL56-a

Avoid initialization order problems across translation units by replacing non-local static objects with local static objects

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT Oracle Coding Standard for JavaDCL00-J. Prevent class initialization cycles

Bibliography

[ISO/IEC 14882-2014]

Subclause 3.6.2, "Initialization of Non-local Variables"
Subclause 6.7, "Declaration Statement"

...


...