SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 26

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 27

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (jp)

...

  • as an argument to non-member functions swap(), operator>>operator>>(), and getline()
  • as an argument to basic_string::swap()
  • calling data() and c_str() member functions
  • Wiki Markup
    calling non-const member functions, except {{operator\[\]()}}, {{at()}}, {{begin()}}, {{rbegin()}}, {{end()}}, and {{rend()}}
  • Wiki Markup
    subsequent to any of the above uses except the forms of {{insert()}} and {{erase()}} that return iterators, the first call to non-const member functions {{operator\[\]()}}, {{at()}}, {{begin()}}, {{rbegin()}}, {{end()}}, or {{rend()}}

...

Code Block
bgColor#FFcccc
char input[] = "bogus@addr.com; cat /etc/passwd";
string email;
string::iterator loc = email.begin();

// copy into string converting ";" to " "
for (size_t i=0; i <= strlen(input); i++) {
  if (input[i] != ';') {
    email.insert(loc++, input[i]);
  }
  else {
    email.insert(loc++, ' ');
  }
} // end string for each element in NTBS

...

Code Block
bgColor#ccccff
char input[] = "bogus@addr.com; cat /etc/passwd";
string email;
string::iterator loc = email.begin();

// copy into string converting ";" to " "
for (size_t i=0; i <= strlen(input); i++) {
  if (input[i] != ';') {
    loc = email.insert(loc, input[i]);
  }
  else {
    loc = email.insert(loc, ' ');
  }
  ++loc;
} // end string for each element in NTBS

...

In this non-compliant example, the string s is initialized as "rcs" "rcs" and the string iterator si is initialized to the beginning of the string. The size of s is three, and we'll assume the capacity is fifteen. The for loop appends 20 characters to the end of the sting. As a result, the si iterator is invalidated because the capacity of the string is exceeded, requiring a reallocation. As a result, the call to insert() results in undefined behavior.

Code Block
bgColor#FFcccc
string s("rcs");
string::iterator si = s.begin();

for (size_t i=0; i<20; ++i) {
  s.push_back('x');
}
s.insert(si, '*');

...

Code Block
bgColor#ccccff
string s("rcs");
string::iterator si = s.begin();

for (size_t i=0; i < 20; ++i) {
   if ( s.size() == s.capacity() ) {
     break;
   }
  s.push_back('x');
}
s.insert(si, '*');

...

BSC32-C. Do not use the pointer value returned by c_str() after any subsequent call to a non-const member function      07. Characters and Strings (STR)      08. Memory Management (MEM)BSC34-C. Range check element access