SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 21

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 22

changes.mady.by.user Aaron Ballman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
langcpp
#include <algorithm>
#include <iterator>
#include <vector>

void f(const std::vector<int> &src) {
  std::vector<int> dest;
  std::copy(src.begin(), src.end(), std::back_inserter(dest));
  // ...
}

Compliant Solution (Assignment)

The simplest solution is to construct dest from src directly, as in this compliant solution:

Code Block
bgColor#ccccff
langcpp
#include <vector>

void f(const std::vector<int> &src) {
  std::vector<int> dest(src);
  // ...
}

Risk Assessment

Copying data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code.

...

Related Guidelines

CERT C++ Secure Coding Standard STR35-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
CERT C Coding StandardARR38-C. Guarantee that library functions do not form invalid pointers
MITRE CWECWE 119, Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer
CWE 805, Buffer Access with Incorrect Length Value

...

CTR32-CPP. Use valid references, pointers, and iterators to reference elements of a container      06006. Containers (CTR)      CTR34-CPP. Use Valid Iterator Rangesvalid iterator ranges