...

Code Block (C++, Base.h):

```cpp
// Base.h: the abstract interface every translation unit shares
class Base {
public:
    virtual ~Base () {}
    virtual void run () = 0;
};
```
...

Code Block (C++):

```cpp
#include "Base.h"

// First translation unit: the intended definition of Derived
class Derived: public Base {
public:
    Derived () {buf_[0] = 'a';}
    void run () {buf_[0] = 'z';}
    char buf_[1];
};

void runModule () {
    Derived a, b;
    Base *pa = &a, *pb = &b;
    pb->run ();  // Expect b.buf_[0] == 'z'
    pa->run ();  // Expect a.buf_[0] == 'z'
}
```

...

Code Block (C++):

```cpp
#include "Base.h"

// Second translation unit: a conflicting definition of Derived
class Attacker: public Base {
public:
    void run () {
        // vtable is overwritten
        // do malicious things here
        // ...
    }
};

class Derived: public Base {  // Class violating ODR
public:
    void run () {
        buf_[0] = 'z';  // Looks normal, but ...
        Attacker x;  // Instantiate to get a vtable to inject
        *((unsigned *)(buf_ + 12)) = *((const unsigned *)(&x));
    }
    char buf_[16];  // Buffer used to overwrite vtable
};

Derived d;  // Instantiate to get malicious Derived
```

...

Risk Assessment

| Rule      | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| MSC33-CPP | high     | unlikely   | high             | P3       | L3    |

Automated Detection

| Tool        | Version | Checker    | Description |
|-------------|---------|------------|-------------|
| PRQA QA-C++ |         | 1067, 1509 |             |

Bibliography

[ISO/IEC 14882-2003] Section 3.2, "One definition rule"

...
