The vulnerability as documented in ISO/IEC TR 24772-1:2022 6.9 exists in C++ when an access is performed using operator[].
C-style arrays, C-style pointers, random-access iterators, and some standard library containers allow element access via operator[], which is unchecked. However, those standard library containers also provide an access function at() that behaves like operator[], but performs a check that the access is within the bounds of the container and throws an exception otherwise.
For issues associated with exception handling and error handling, see clause 6.36 Ignored error status and unhandled exceptions.
The parameter type for contiguous sequences std::span does not provide a checked version of indexing and therefore should only be used via its iterator/range API.
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Use the avoidance mechanisms of ISO/IEC 24772-1:2022 clause 6.9.5.
Follow the advice from clause 6.8.2.
Implement your own indexable containers with an overload of operator[] that actually does a bounds check.
Prefer the at() member function of the standard library containers over operator[] and handle the bounds violation exceptions.
If indexing cannot be avoided, use static analysis or explicit checks to establish that bounds violations do not occur.
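The following added example (not part of the technical report) illustrates two of the avoidance mechanisms above: reading through std::vector::at() and handling its std::out_of_range exception, and a hypothetical checked_array container whose operator[] performs the bounds check itself. The names checked_get and checked_array are assumptions introduced here.

```cpp
#include <array>
#include <cstddef>
#include <stdexcept>
#include <vector>

// Hypothetical helper: read element i of v through the checked at() member.
// v[i] would be unchecked; v.at(i) throws std::out_of_range when i >= v.size().
bool checked_get(const std::vector<int>& v, std::size_t i, int& out) {
    try {
        out = v.at(i);
        return true;
    } catch (const std::out_of_range&) {
        return false;   // bounds violation reported to the caller, not ignored
    }
}

// Hypothetical indexable container whose operator[] actually performs a bounds
// check, wrapping std::array (whose own operator[] is unchecked).
template <typename T, std::size_t N>
class checked_array {
public:
    T& operator[](std::size_t i) {
        if (i >= N) throw std::out_of_range("checked_array: index out of bounds");
        return data_[i];
    }
private:
    std::array<T, N> data_{};
};

// Returns true if indexing one past the end of a checked_array is rejected
// and the in-bounds element written earlier is left intact.
bool checked_array_rejects_out_of_bounds() {
    checked_array<int, 4> a;
    a[3] = 42;
    try {
        a[4] = 1;   // N == 4, so index 4 is out of bounds
        return false;
    } catch (const std::out_of_range&) {
        return a[3] == 42;
    }
}

int main() {
    std::vector<int> v{10, 20, 30};
    int x = 0;
    bool ok = checked_get(v, 2, x);   // true, x == 30
    bool bad = checked_get(v, 3, x);  // false: v.at(3) threw
    return (ok && !bad && checked_array_rejects_out_of_bounds()) ? 0 : 1;
}
```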