parts/6.45.ExtraInstrinsics-LRM.md

6.45 Extra Intrinsics [LRM]

6.45.1 Applicability to the language

The vulnerability as described in ISO/IEC 24772-1 clause 6.45 applies to C++ as explained below.

C++ implementations are allowed to provide built-in functionality but are restricted to a specific naming schema reserved by the standard. For example, names containing a double underscore or that begin with an underscore and a capital letter are reserved for that purpose. See ISO/IEC 14882 clause [Lex.name]. The use of such names by the programmer is forbidden by the language. Language processors are not required to prohibit such usage, hence the vulnerability exists.

The standard restricts definitions in reserved namespaces, such as std (see ISO/IEC 14882 clause [namespace.constraints]). In addition, specializing a template from namespace std is restricted (see ISO/IEC 14882 clause [namespace.std]) unless explicitly allowed, for example, see ISO/IEC 14882 clause [unord.hash].

6.45.2 Avoidance mechanisms for program users

To avoid the vulnerability or mitigate its ill effects, C++ software developers can:

• Prohibit identifiers containing a double underscore __.
• Avoid identifiers starting with _, except when used for a literal suffix.
• Ensure user-defined literal suffixes start with a single _.
• Prohibit the declaration of names in reserved namespaces.
• Prohibit the specialization of a restricted template.
• Use compiler warnings and static analysis tools to detect and report violations of the above.