...
Using arrays polymorphically can result in memory corruption, which could lead to an attacker being able to execute arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
CTR56-CPP | High | Likely | High | P9 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Axivion Bauhaus Suite |
| CertC++-CTR56 | |||||||
CodeSonar |
| LANG.STRUCT.PARITH | Pointer Arithmetic | ||||||
Helix QAC |
| C++3073 | |||||||
Parasoft C/C++test |
| CERT_CPP-CTR56-a | Don't treat arrays polymorphically |
LDRA tool suite |
| 567 S | Enhanced Enforcement |
Polyspace Bug Finder |
| CERT C++: CTR56-CPP | Checks for pointer arithmetic on polymorphic object (rule fully covered) | ||||||
PVS-Studio |
|
|
|
V777 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 14882-2014] | Subclause 5.7, "Additive Operators" |
[Lockheed Martin |
2005] | AV Rule 96, "Arrays shall not be treated polymorphically" |
[Meyers |
1996] | Item 3, "Never Treat Arrays Polymorphically" |
[Stroustrup |
2006] | "What's Wrong with Arrays?" |
[Sutter |
2004] | Item 100, "Don't Treat Arrays Polymorphically" |
...
...