Page History

...

Using an invalid iterator range is similar to allowing a buffer overflow, which can lead to an attacker running arbitrary code.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
CTR53-CPP	High	Probable	High	P6	L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

overflow_upon_dereference

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.BO

Buffer Overrun

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++3802

Parasoft C/C++test

9.5STL-36 PRQA QA-C4.1 3802 PRQA QA-C++ Include PagePRQA QA-C++_VPRQA QA-C++_V3802

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-CTR53-a
CERT_CPP-CTR53-b

Do not use an iterator range that isn't really a range
Do not compare iterators from different containers

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: CTR53-CPP

Checks for invalid iterator range (rule partially covered).

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V539, V662, V789

Related Vulnerabilities

In Fun with erase(), Chris Rohlf discusses the exploit potential of a program that calls vector::erase() with invalid iterator ranges [Rohlf 2009].

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard

CTR51-CPP. Use valid references, pointers, and iterators to reference elements of a container
CTR57-CPP. Provide a valid ordering predicate

Bibliography

[ISO/IEC 14882-2014]	Clause 24, "Iterators Library" Subclause 25.3, "Mutating Sequence Operations"
[Meyers 2001]	Item 32, "Follow Remove-Like Algorithms with `erase` If You Really Want to Remove Something"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 65

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography