SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 62

changes.mady.by.user Robert Schiela

Saved on

compared with

New Version Current

changes.mady.by.user Valery

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP54-CPP

High

Probable

High

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

return-reference-local
dangling_pointer_use
Partially checked
Clang
Include Page
Clang_V
Clang_V

-Wdangling-initializer-list

Catches some lifetime issues related to incorrect use of std::initializer_list<>
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.UAC
ALLOC.UAF

Use after close
Use after free
Klocwork
Helix QAC

Include Page

Klocwork

Helix QAC_V

Klocwork

Helix QAC_V

CL.FFM.ASSIGN
CL.FFM.COPY

C++4003, C++4026

DF2812, DF2813, DF2814, DF2930, DF2931, DF2932, DF2933, DF2934,


Klocwork
Include Page
Klocwork_V
Klocwork_V
CL.FFM.ASSIGN
CL.FFM.COPY
LOCRET.
LOCRET.
ARG
LOCRET.GLOB
LOCRET.RET
UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST
UNINIT.HEAP.MIGHT
UNINIT.HEAP.MUST
UNINIT.STACK.ARRAY.MIGHT
UNINIT.STACK.ARRAY.MUST
UNINIT.STACK.ARRAY.PARTIAL.MUST
UNINIT.STACK.MIGHT
UNINIT.STACK.MUST
LDRA tool suite
Include Page
LDRA_V
LDRA_V

42 D, 53 D, 77 D, 1 J, 71 S, 565 S

Partially implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-EXP54-a
CERT_CPP-EXP54-b
CERT_CPP-EXP54-c

Do not use resources that have been freed
The address of an object with automatic storage shall not be returned from a function
The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist

Parasoft Insure++

Runtime detection
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: EXP54-CPP

Checks for:

  • Non-initialized variable or pointer
  • Use of previously freed pointer
  • Pointer or reference to stack variable leaving scope
  • Accessing object with temporary lifetime

Rule partially covered.

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V758, 
V1041, V1099

RuleChecker
LDRA tool suite
Include Page
LDRA
RuleChecker_V
LDRA
RuleChecker_V

42 D, 53 D, 77 D, 1 J, 71 S, 565 S

Partially implemented

Parasoft C/C++test9.5BD-RES-FREE Parasoft Insure++  Runtime detection
return-reference-localPartially checked

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding Standard

DCL30-C. Declare objects with appropriate storage durations

Bibliography

[Coverity 2007]
 

[ISO/IEC 14882-2014]Subclause 3.8, "Object Lifetime"
Subclause 8.5.4, "List-Initialization"
 
 


...

Image Modified Image Modified Image Modified