The vulnerability as documented in ISO/IEC 24772-1 clause 6.42 applies to C++. C++ leaves verification of the correctness of an overridden call to the programmer: the language does not check that an override honours the preconditions and postconditions of the function it replaces.
The vulnerability can be mitigated by a style of programming in which a non-virtual wrapper function checks the preconditions, calls a virtual function to perform the required functionality, and subsequently checks the postconditions before returning the result.
An example is provided below.
    class Base {
    private:
        // The overridable operation is private: derived classes override it,
        // but clients can only reach it through the checked wrapper below.
        virtual int function_to_override( int x ) = 0;
        // Helper functions declared here; their bodies are elided in this sketch.
        void check_preconditions( int x );
        int data_saved_for_postcondition( int x );
        void check_postconditions( int x, int saved, int result );
        // ...
    public:
        // Non-virtual public interface: the contract is enforced here,
        // regardless of which derived class supplies the override.
        int interface_to_overridden_function( int x ) {
            check_preconditions( x );
            const auto saved = data_saved_for_postcondition( x );
            auto result = function_to_override( x );
            check_postconditions( x, saved, result );
            return result;
        }
        // ...
    };
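As an added example, not code from the standard, a complete version of the wrapper pattern above: the class names `Counter`, `GoodCounter` and `CappedCounter` and the function `check_add` are assumed here. The checked wrapper `add` rejects a precondition violation by the caller and also detects an override that breaks the postcondition of the base operation.

```cpp
#include <stdexcept>

// Base class: the public interface is non-virtual and enforces the contract;
// the private virtual function is the only thing a derived class overrides.
class Counter {
public:
    virtual ~Counter() = default;
    // Contract of add(): requires x > 0; ensures the returned value is at
    // least x and that total() has grown by exactly x.
    int add(int x) {
        if (x <= 0)
            throw std::invalid_argument("precondition violated: x > 0");
        const int saved_total = total_;          // data saved for postcondition
        const int result = do_add(x);            // dispatch to the override
        if (result < x || total_ != saved_total + x)
            throw std::runtime_error("postcondition violated by override");
        return result;
    }
    int total() const { return total_; }
protected:
    int total_ = 0;
private:
    virtual int do_add(int x) = 0;
};

// An override that honours the base-class contract.
class GoodCounter : public Counter {
    int do_add(int x) override { total_ += x; return total_; }
};

// An override that silently caps each increment at 10 (a hypothetical,
// constructed defect): it weakens the postcondition of Counter::add.
class CappedCounter : public Counter {
    int do_add(int x) override { total_ += (x > 10 ? 10 : x); return total_; }
};

// Returns 0 if add(x) succeeded, 1 if the wrapper rejected the caller's
// precondition violation, 2 if the wrapper caught a broken postcondition.
int check_add(Counter& c, int x) {
    try {
        c.add(x);
        return 0;
    } catch (const std::invalid_argument&) {
        return 1;
    } catch (const std::runtime_error&) {
        return 2;
    }
}
```

Without the wrapper, `CappedCounter` would return a wrong total for large increments with no diagnostic; with it, the violation surfaces at the call site that relied on the contract.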
A future version of the C++ standard is expected to contain “contracts”, which formalize the notion of preconditions, postconditions and contract assertions.
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Apply the avoidance mechanisms of ISO/IEC 24772-1 6.42.5.
Use static analysis tools that identify violations of preconditions and postconditions.
Ensure that all invariants of a derived class are preserved by all public operations on its public base classes.
See also C++ Core Guidelines C.120, C.121, C.122, C.126, C.127, and C.129 through C.133.