parts/6.48.Dynamically-linkedCodeAndSelf-modifyingCode-NYY.md

6.48 Dynamically-linked Code and Self-modifying Code [NYY]

6.48.1 Applicability to language

The vulnerability described in ISO/IEC 24772-1:2024 applies to C++. As for the C programming language, the process of linking and loading is outside the scope of the C++ standard.

In C++, the conversion of a function pointer to another type (to misdirect a pointer, for example) requires the use of a C-style cast or reinterpret_cast. Such casts can result in unspecified behaviour, undefined behaviour or implementation-defined behaviour.

6.48.2 Avoidance mechanisms for language users

To avoid the vulnerability or mitigate its ill effects, C++ software developers can:

• Follow the avoidance mechanisms of ISO/IEC 24772-1 clause 6.48.5 and ISO/IEC 24772-3 clause 6.48.2.
• Follow the avoidance mechanisms of 6.11.2 Pointer type conversions [HFC].
• Document and carefully review all uses of reinterpret_cast or C-style casts.