Copying a polymorphic object by value can easily result in the object being sliced. That is, only part of the information associated with the object is copied, and the remaining information is lost.
Non-Compliant Code Example
This code example is non-compliant because of the unintended data loss.
...
The information about Jane Doe's assistant is lost.
Compliant Solution
Assuming exactly the same class structure as above, if pointers to the objects are used so that objects are copied by reference, then slicing does not occur.
...
Manager: Jane Doe
Assistant: Bill Jones
Risk Assessment
Slicing results in information being lost, which could lead to a program not working properly and hence to a denial-of-service attack.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
OBJ32-C | 1 (low) | 2 (probable) | 1 (high) | P2 | L3 |
References
- ISO/IEC 14882-2003 Section 9, "Classes"
- Sutter 00 GotW #22: "Object Lifetimes - Part I"