SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 45

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 46

changes.mady.by.user Barbara White

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Do not use a reference, pointer, or iterator that has been invalidated, as that results in undefined behavior. This rule is a specific instance of CTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container.

Noncompliant Code Example

This noncompliant code example copies input into a std::string, replacing ';' characters with spaces. This example is noncompliant because the iterator loc is invalidated after the first call to insert(). The behavior of subsequent calls to insert() is undefined.

Code Block
bgColor#FFcccc
langcpp
#include <string>
 
void f(const std::string &input) {
  std::string email;
  std::string::iterator loc = email.begin();

  // copy input into email converting ";" to " "
  for (auto I = input.begin(), E = input.end(); I != E; ++I, ++loc) {
    email.insert(loc, *I != ';' ? *I : ' ');
  }
}

Compliant Solution (std::string::insert())

In this compliant solution, the value of the iterator loc is updated as a result of each call to insert() so that the invalidated iterator is never accessed. The updated iterator is then incremented at the end of the loop.

Code Block
bgColor#ccccff
langcpp
#include <string>
 
void f(const std::string &input) {
  std::string email;
  std::string::iterator loc = email.begin();

  // copy input into email converting ";" to " "
  for (auto I = input.begin(), E = input.end(); I != E; ++I, ++loc) {
    loc = email.insert(loc, *I != ';' ? *I : ' ');
  }
}

Compliant Solution (std::replace())

In this compliant solution, the manual loop is replaced with a standard algorithm that performs the replacement. Using generic algorithms is generally preferable to inventing your own solution when possible.

Code Block
bgColor#ccccff
langcpp
#include <algorithm>
#include <string>
 
void f(const std::string &input) {
  std::string email{input};
  std::replace(email.begin(), email.end(), ';', ' ');
}

Risk Assessment

Using an invalid reference, pointer or iterator to a string object could allow an attacker to run arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR38-CPP

High

Probable

High

P6

L2

Automated Detection

Tool

Version

Checker

Description

    

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Coding StandardCTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container

Bibliography

[ISO/IEC 14882-2014]

21.4.1, "basic_string General Requirements"

[Meyers 01]Item 43: Prefer algorithm calls to hand-written loops

...