Page History

...

An iterator range is a pair of iterators first and last that refer to the first element and the one-past-the-end-th element of the range, respectively. It is required that last be reachable from first by repeated increments of first.

Non-Compliant Code Example

In this non-compliant example, the two iterators that delimit the range point into the same container, but the first iterator doesn't actually precede the second.

for_each( c.end(), c.begin(), Something );

...

Invalid iterator ranges can result from comparison functions that return true for equal values. See ARR40CTR40-CPP. Use Provide a valid ordering rulepredicate and Meyers 01.

Non-Compliant Code Example

The second common case arises when the iterators point into different containers:

for_each( c.begin(), d.end(), Something );

The results are similar to the first non-compliant code example.

Compliant Solution

for_each( c.begin(), c.end(), Something );

Risk Assessment

Using an invalid iterator range is similar to allowing a buffer overflow, which can lead to an attacker running arbitrary code.

Related Vulnerabilities

The fun with erase() article by Chris Rohlf discusses the exploit potential of a program that calls vector::erase() with invalid iterator ranges.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[Sutter 05] Item 83: Use a checked STL implementation.
[Meyers 01] Item 21: Always have comparison functions return false for equal values.
[ISO/IEC 14882-2003] Section 24: Iterators Library.

...

CTR33-CPP. Guarantee that copies are made into storage of sufficient sizelibrary functions do not form invalid iterators      06. Containers (CTR)      ARR35CTR35-CPP. Do not allow loops to iterate beyond the end of an array or container