SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 7

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version 8

changes.mady.by.user Andrew Wesie

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
enum et1 {
  E_A,
  E_B
};

int i1 = -1;
et1 e1 = static_cast<et1>(i1);

if (e1 < 0E_A) {
  /* error condition */
}

...

Code Block
bgColor#ccccff
enum et1 {
  E_A,
  E_B
};

int i1 = -1;

if (i1 < 0E_A || i1 > E_B) {
  /* error condition */
}

et1 e1 = static_cast<et1>(i1);

...

Code Block
bgColor#ccccff
enum et1 {
  E_A,
  E_B
};

int i1 = 5;

if (i1 < 0E_A || i1 > E_B) {
  /* error condition */
}

switch(static_cast<et1>(i1)) {
  case E_A:
    /* some action A */
  case E_B:
    /* some action B */
}

...

Unexpected behavior can lead to a buffer overflow and the execution of arbitrary code by an attacker. This is most likely if the program in one case checks the value correctly and then fails to do so later. Such a situation could allow an attacker to avoid verification of a buffer's length, etc.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

INT36-CPP

high

probable

high

P6

L2

References

Todo.