The vulnerability as described in ISO/IEC TR 24772-1:2019 clause 6.47 is applicable to C++.
C++ is a multi-paradigm language with a number of features that do not interface simply with other language systems. It is left to the implementation team the task of converting the results of these paradigms to constructs that can cross an interface for further processing in other languages.
C++ compilers provide an application binary interface (ABI) that delineates areas of interoperability with other languages or other C++ compiler/runtime systems. An ABI includes calling conventions, data layout, error and exception handling and return conventions, name mangling, data model, initialization of memory, and linkage to operating systems and libraries.
C++ compilers implement a C++ language linkage and a C language linkage. It is implementation-defined what other languages the implementation supports. Alternatively, other language systems provide linkages to C systems[^3](Ada has developed a standard for interfacing with C. Fortran has included a Clause 15 that explains how to call C functions.), leaving the developer the task of channeling everything through this common language system.
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Follow the avoidance mechanisms of ISO/IEC 24772-1 clause 6.47.5
Use standard layout types for the interoperable interfaces.
Use language linkage facilities that support the languages being
used.
EXP56-CPP. Do not call a function with a mismatched language
linkage (-> 6.47)
EXP60-CPP. Do not pass a nonstandard-layout type object across
(-> 6.47 ?)
execution boundaries
Be aware that the static initialization phase and dynamic initialization for every language system are required before the system begins execution
Be aware that C++ exceptions are not usually compatible with exceptions in other languages.
Segregate outgoing cross-language interfacing code into functions that present a C++ interface to the C++ code and implements that interface by calling code compatible with the other language system. Similarly implement incoming cross-language interfaces by providing simplified functions that presents a simplified (C or other language) interface and is implemented by calling C++ code with the correct style.
Separate the interfacing code from the code containing the main functionality
See also the C++ Core Guidelines CPL.3.
AI 63-6 – group – add the guidance from 6.47.2 Interoperability into the Core Guidelines.