...
In this noncompliant code example, a class attempts to implement the pimpl idiom but deletes a pointer to an incomplete class type, resulting in undefined behavior if Body has a nontrivial destructor.
```cpp
class Handle {
  class Body *impl;  // Declaration of a pointer to an incomplete class
public:
  ~Handle() { delete impl; }  // Deletion of pointer to an incomplete class
  // ...
};
```
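A compliant counterpart, given here as an added example that is not code from the original page: the destructor is only declared in the class and defined where Body is complete, and std::unique_ptr turns an accidental deletion of the incomplete type into a compile-time error. The header/source split named in the comments, the bodies_destroyed counter, and destroy_handles are assumptions made for the demonstration.

```cpp
#include <memory>

// ---- would live in handle.h (hypothetical file name) ----
class Body;                        // incomplete here, as in the pimpl idiom

class Handle {
  std::unique_ptr<Body> impl;      // std::default_delete is ill-formed for an incomplete type
public:
  Handle();
  ~Handle();                       // declared only; defined where Body is complete
  Handle(const Handle &) = delete;
  Handle &operator=(const Handle &) = delete;
};

// ---- would live in handle.cpp (hypothetical file name) ----
static int bodies_destroyed = 0;   // constructed instrumentation for this demo

class Body {
public:
  ~Body() { ++bodies_destroyed; }  // nontrivial destructor that must run
};

Handle::Handle() : impl(new Body) {}
Handle::~Handle() = default;       // Body is complete here, so ~Body() is invoked

// Creates and destroys n handles; returns how many Body destructors ran.
int destroy_handles(int n) {
  int before = bodies_destroyed;
  for (int i = 0; i < n; ++i) {
    Handle h;                      // destroyed at the end of each iteration
  }
  return bodies_destroyed - before;
}

int main() {
  return destroy_handles(3) == 3 ? 0 : 1;
}
```

Defining `~Handle()` inline in the class, or omitting its declaration, would instantiate the deleter while Body is still incomplete and the build would fail instead of silently invoking undefined behavior.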
...
Casting pointers or references to incomplete classes can result in bad addresses. Deleting a pointer to an incomplete class results in undefined behavior if the class has a nontrivial destructor. Doing so can cause program termination, a runtime signal, or resource leaks.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP57-CPP | Medium | Unlikely | Medium | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée |  | delete-with-incomplete-type |  |
Coverity | 6.5 | DELETE_VOID | Fully implemented |
Clang |  | -Wdelete-incomplete |  |
CodeSonar |  | LANG.CAST.PC.INC | Conversion: pointer to incomplete |
Helix QAC |  | C++3112 |  |
Klocwork |  | CERT.EXPR.DELETE_PTR.INCOMPLETE_TYPE |  |
LDRA tool suite |  | 169 S, 554 S | Enhanced Enforcement |
Parasoft C/C++test |  | CERT_CPP-EXP57-a | Do not delete objects with incomplete class at the point of deletion |
Parasoft Insure++ |  |  | Runtime detection |
Polyspace Bug Finder |  | CERT C++: EXP57-CPP | Checks for conversion or deletion of incomplete class pointer |
RuleChecker |  | delete-with-incomplete-type |  |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[Dewhurst 2002] | Gotcha #39, "Casting Incomplete Types" |
[ISO/IEC 14882-2014] | Subclause 4.10, "Pointer Conversions" |
[Sutter 2000] | "Compiler Firewalls and the Pimpl Idiom" |
...
...