...
| Code Block |
|---|
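void walk(vector<Base*> bar) {
  // Every element is a Base*, so iteration advances by sizeof(Base*),
  // whatever the dynamic type of the object each pointer refers to.
  // Note: std::mem_fun was removed in C++17; std::mem_fn replaces it.
  for_each(bar.begin(), bar.end(), mem_fun(&Base::func));
}
int main(void) {
  // Vector of pointers to Base objects.
  vector<Base*> dis(3);
  for (int i = 0; i < 3; i++) dis[i] = new Base;
  // Vector of Base pointers that refer to Derived objects.
  vector<Base*> dat(3);
  for (int i = 0; i < 3; i++) dat[i] = new Derived;
  walk(dis);
  walk(dat);
}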
|
...
Risk Assessment
Using arrays polymorphically can result in memory corruption, which could lead to an attacker being able to execute arbitrary code.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| OBJ31-C | 3 (high) | 3 (likely) | 1 (high) | P9 | L2 |
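Why indexing an array of derived objects through a base pointer corrupts memory, as an added example that is not part of the original page: it computes, without performing the undefined access, where base-pointer arithmetic would land inside the array, and contrasts that with a walk over a vector of pointers. `Shape`, `Circle` and the helper functions are hypothetical names chosen for this illustration.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>

// Hypothetical classes for this example (not the page's Base/Derived).
struct Shape {
    virtual ~Shape() = default;
    virtual int id() const { return 0; }
    int tag = 0;
};
struct Circle : Shape {
    int id() const override { return 1; }
    double extra[4] = {};  // makes Circle larger than Shape
};
static_assert(sizeof(Circle) > sizeof(Shape), "example needs a larger derived type");

// Byte offset used for element i when an array of Circle is indexed
// through a Shape*: the stride is the static type's size.
std::size_t offset_via_base_pointer(std::size_t i) { return i * sizeof(Shape); }

// True only if that offset is the start of a real Circle in an array of n.
bool lands_on_object(std::size_t i, std::size_t n) {
    std::size_t off = offset_via_base_pointer(i);
    return off % sizeof(Circle) == 0 && off / sizeof(Circle) < n;
}

// Count indices in [0, n) where a Shape* walk would treat bytes from the
// middle of a Circle (or past the array) as if a Shape started there.
std::size_t misaligned_indices(std::size_t n) {
    std::size_t bad = 0;
    for (std::size_t i = 0; i < n; ++i)
        if (!lands_on_object(i, n)) ++bad;
    return bad;
}

// Vector-of-pointers walk: the stride is sizeof(pointer), so every
// virtual call is dispatched on a correctly located object.
int walk_by_pointer(std::size_t n) {
    std::vector<std::unique_ptr<Shape>> v;
    for (std::size_t i = 0; i < n; ++i) v.emplace_back(new Circle);
    int sum = 0;
    for (const auto& p : v) sum += p->id();
    return sum;
}

int main() {
    std::printf("sizeof(Shape)=%zu sizeof(Circle)=%zu\n", sizeof(Shape), sizeof(Circle));
    std::printf("misaligned indices in a 3-element array: %zu\n", misaligned_indices(3));
    std::printf("pointer walk visited %d Circle objects\n", walk_by_pointer(3));
    return 0;
}
```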
References
- Sutter 04 Item 100: Don't treat arrays polymorphically.
...