SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 12

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Do not use std::memset() to initialize an object of nontrivial class type as it may not properly initialize the value representation of the object. Do not use std::memcpy() (or related bytewise copy functions) to initialize a copy of an object of nontrivial class type, as it may not properly initialize the value representation of the copy. Do not use std::memcmp() (or related bytewise comparison functions) to compare objects of nonstandard-layout class type, as it may not properly compare the value representations of the objects. In all cases, it is best to prefer the alternatives.

C Standard Library FunctionC++ Equivalent Functionality
std::memset()Class constructor
std::memcpy()
std::memmove()
std::strcpy() 		Class copy constructor or operator=() 
std::memcmp()
std::strcmp()		operator<(), operator>(), operator==(), or operator!=()

Noncompliant Code Example

...

Most violations of this rule will result in abnormal program behavior. However, overwriting implementation details of the object representation can lead to code execution vulnerabilities.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

OOP57-CPP

High

Probable

High

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

stdlib-use-ato
stdlib-use
stdlib-use-getenv
stdlib-use-system
include-time
stdlib-use-string-unbounded
Partially checked
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.MEMCMP

BADFUNC.MEMSET

Use of memcmp

Use of memset

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++5017, C++5038
Klocwork
Include Page
Klocwork_V
Klocwork_V

CERT.OOP.CSTD_FUNC_USE 


LDRA tool suite
Include Page
LDRA_V
LDRA_V

44 S

Enhanced Enforcement

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_CPP-OOP57-a
CERT_CPP-OOP57-b

Do not initialize objects with a non-trivial class type using C standard library functions
Do not compare objects of nonstandard-layout class type with C standard library functions

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: OOP57-CPPChecks for bytewise operations on nontrivial class object (rule fully covered)
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V598, V780
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
stdlib-use-ato
stdlib-use
stdlib-use-getenv
stdlib-use-system
include-time
stdlib-use-string-unbounded
Partially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard

EXP62-CPP. Do not access the bits of an object representation that are not part of the object's value representation

Bibliography

[ISO/IEC 14882-2014]Subclause 3.9, "Types"
Subclause 3.10, "Lvalues and Rvalues"
Clause 9, "Classes" 

 


...

 Image Modified