SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 27

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 28

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot (jp)

...

  • as an argument to non-member functions swap(), operator>>operator>>(), and getline()
  • as an argument to basic_string::swap()
  • calling data() and c_str() member functions
  • Wiki Markup
    calling non-const member functions, except {{operator\[\]()}}, {{at()}}, {{begin()}}, {{rbegin()}}, {{end()}}, and {{rend()}}
  • Wiki Markup
    subsequent to any of the above uses except the forms of {{insert()}} and {{erase()}} that return iterators, the first call to non-const member functions {{operator\[\]()}}, {{at()}}, {{begin()}}, {{rbegin()}}, {{end()}}, or {{rend()}}

...

Code Block
bgColor#FFcccc
char input[] = ""bogus@addr.com; cat /etc/passwd&amp";quot;;
string email;
string::iterator loc = email.begin();

// copy into string converting ";"";" to " "" "
for (size_t i=0; i &amp;lt;<= strlen(input); i++) {
  if (input[i] != ';') {
    email.insert(loc++, input[i]);
  }
  else {
    email.insert(loc++, ' ');
  }
} // end string for each element in NTBS

...

Code Block
bgColor#ccccff
char input[] = &amp;quot;"bogus@addr.com; cat /etc/passwd&amp;quot";;
string email;
string::iterator loc = email.begin();

// copy into string converting &amp;quot;;&amp;quot;";" to &amp;quot; &amp;quot;" "
for (size_t i=0; i &amp;lt;<= strlen(input); i++) {
  if (input[i] != ';') {
    loc = email.insert(loc, input[i]);
  }
  else {
    loc = email.insert(loc, ' ');
  }
  ++loc;
} // end string for each element in NTBS

...

In this non-compliant example, the string s is initialized as &quot;rcs&quot; "rcs" and the string iterator si is initialized to the beginning of the string. The size of s is three, and we'll assume the capacity is fifteen. The for loop appends 20 characters to the end of the sting. As a result, the si iterator is invalidated because the capacity of the string is exceeded, requiring a reallocation. As a result, the call to insert() results in undefined behavior.

Code Block
bgColor#FFcccc
string s(&amp;quot;rcs&amp;quot;"rcs");
string::iterator si = s.begin();

for (size_t i=0; i&amp;lt;20i<20; ++i) {
  s.push_back('x');
}
s.insert(si, '*');

...

Code Block
bgColor#ccccff
string s(&amp;quot;rcs&amp;quot;"rcs");
string::iterator si = s.begin();

for (size_t i=0; i &amp;lt;< 20; ++i) {
   if ( s.size() == s.capacity() ) {
     break;
   }
  s.push_back('x');
}
s.insert(si, '*');

...