C++ places all standard definitions inside the std
namespace. Furthermore, C++ 2003, Section 17.4.3.1 "Reserved names", says:
It is undefined for a C++ program to add declarations or definitions to namespace std or namespaces within namespace std unless otherwise specified. A program may add template specializations for any standard library template to namespace std. Such a specialization (complete or partial) of a standard library template results in undefined behavior unless the declaration depends on a user-defined type of external linkage and unless the specialization meets the standard library requirements for the original template.
Noncompliant Code Example
This code is noncompliant because it alters the standard namespace.
Code Block | ||||
---|---|---|---|---|
| ||||
namespace std { int x; }; |
Compliant Solution
Code Block | ||||
---|---|---|---|---|
| ||||
namespace nonstd { int x; }; |
Risk Assessment
Altering the standard namespace can cause undefined behavior in the C++ standard library.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC34-CPP | high | unlikely | medium | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
MSC33-CPP. Obey the One Definition Rule 49. Miscellaneous (MSC) MSC35-CPP. Do not use goto statement to take control inside the try and catch blocks