SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 61

changes.mady.by.user Barbara White

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Unchecked element access can lead to out-of-bound reads and writes and write-anywhere exploits. These exploits can, in turn, lead to the execution of arbitrary code with the permissions of the vulnerable process.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR53-CPP

High

Unlikely

Medium

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

assert_failure

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
LANG.MEM.TBA
LANG.MEM.TO
LANG.MEM.TU

Buffer overrun
Buffer underrun
Tainted buffer access
Type overrun
Type underrun
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++3162, C++3163, C++3164, C++3165


Parasoft C/C++test
9.5BD-PB-OVERF{RD, WR, FMT, NZT} 
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-STR53-a

Guarantee that container indices are within the valid range

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: STR53-CPP

Checks for:

  • Array access out of bounds
  • Array access with tainted index
  • Pointer dereference with tainted offset

Rule partially covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardCTR50-CPP. Guarantee that container indices and iterators are within the valid range

Bibliography

[ISO/IEC 14882-2014]

Subclause 21.4.5, "basic_string Element Access"

[Seacord 2013]Chapter 2, "Strings"

...


...

Image Modified Image Modified Image Modified