Versions Compared


...

Ensuring that array references are within the bounds of the array is almost entirely the responsibility of the programmer. Likewise, when using Standard Template Library (STL) vectors, the programmer is responsible for ensuring that integer indexes are within the bounds of the vector.

...

This noncompliant code example shows a function, insert_in_table(), that has two int parameters, pos and value, both of which can be influenced by data originating from untrusted sources. The function performs a range check to ensure that pos does not exceed the upper bound of the array, specified by table_size, but fails to check the lower bound. Because pos is declared as a (signed) int, this parameter can assume a negative value, resulting in a write outside the bounds of the memory referenced by table.

...

Non-type templates can be used to define functions accepting an array type where the array bounds are deduced at compile time. This compliant solution is functionally equivalent to the previous bounds-checking one, except that it additionally supports calling insert_in_table() with an array of known bounds.

...

In this noncompliant code example, a std::vector is used in place of a pointer and size pair. The function performs a range check to ensure that pos does not exceed the upper bound of the array but fails to check the lower bound for table. Because pos is declared as a (signed) int, this parameter can assume a negative value, resulting in a write outside the bounds of the std::vector object.
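The pointer-and-size, non-type template, and std::vector cases described above, as an added example that is not the standard's own code: the first function reproduces the defect (signed pos, upper bound only), and the three overloads that follow use an unsigned index so that a negative value becomes a large unsigned one and is rejected by the single upper-bound check. Function names, the return-code contract, and the buffers in the comments are assumptions made for this example.

```cpp
#include <cstddef>
#include <vector>

// Noncompliant pattern from the text, kept only to show the defect:
// the lower bound is never checked, so a negative pos passes the test
// and table[pos] writes before the start of the buffer.
int insert_in_table_noncompliant(int *table, std::size_t table_size,
                                 int pos, int value) {
  if (pos >= static_cast<int>(table_size)) {  // no check for pos < 0
    return -1;
  }
  table[pos] = value;  // out-of-bounds write when pos is negative
  return 0;
}

// Compliant: an unsigned index cannot be negative, so the upper-bound
// check alone confines the write to [0, table_size).
int insert_in_table(int *table, std::size_t table_size,
                    std::size_t pos, int value) {
  if (pos >= table_size) {
    return -1;
  }
  table[pos] = value;
  return 0;
}

// Compliant, non-type template: N is deduced from the array's declared
// bounds, so a caller with an array of known size cannot pass a wrong size.
template <std::size_t N>
int insert_in_table(int (&table)[N], std::size_t pos, int value) {
  return insert_in_table(table, N, pos, value);
}

// Compliant std::vector version: the bound comes from the container itself.
// (vector::at() would throw std::out_of_range instead; the explicit check
// keeps the same return-code contract as the array overloads.)
int insert_in_table(std::vector<int> &table, std::size_t pos, int value) {
  if (pos >= table.size()) {
    return -1;
  }
  table[pos] = value;
  return 0;
}
```

Passing a negative int where the compliant overloads expect std::size_t converts it to a value far above any real table size, which the upper-bound check rejects.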

...

In this noncompliant code example, it is possible that the function is given a valid iterator, but that the iterator is not within a valid range. For instance, if f() were called with iterators obtained from an empty container, the end() iterator could be improperly dereferenced.

...

Using an invalid array or container index can result in an arbitrary memory overwrite or abnormal program termination.

Rule        Severity  Likelihood  Remediation Cost  Priority  Level
CTR50-CPP   High      Likely      High              P9        L2

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding Standard: ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
MITRE CWE: CWE-119, Failure to Constrain Operations within the Bounds of a Memory Buffer
MITRE CWE: CWE-129, Improper Validation of Array Index

...


...