parts/6.55.UnspecifiedBehaviour-BQF.md

6.55 Unspecified Behaviour [BQF]

6.55.1 Applicability of language

The vulnerability as described in ISO/IEC 24772-1:2019 clause 6.55 applies to C++.

In the following example, the value of size can differ from the length of data: the extent of data must be calculated at compile time, whereas the value of size can be calculated either at compile time or at run time. This difference is one source of unspecified behaviour.

    char data[1 + int(1 + 0.2 - 0.1 - 0.1)] = { }; // compile-time evaluation
    int size = 1 + int(1 + 0.2 - 0.1 - 0.1);       // compile-time or run-time evaluation
    char f() { return data[size - 1]; }            // Possible buffer overflow
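The following is an added example, not part of the original clause. It shows one way to keep the index bound and the array extent from diverging: evaluate the floating-point expression once in a constexpr constant and derive the size from the array itself. The names kExtent, g_data, data_extent, runtime_size and checked_get are assumptions made for this illustration.

```cpp
#include <cstddef>
#include <cstdio>

// Evaluated exactly once, during translation: a constexpr variable must be
// initialised by a constant expression, so there is no run-time recomputation.
constexpr int kExtent = 1 + int(1 + 0.2 - 0.1 - 0.1);

char g_data[kExtent] = {};

// The bound is derived from the object, not from a second evaluation of the
// floating-point expression.
constexpr std::size_t data_extent() {
    return sizeof(g_data) / sizeof(g_data[0]);
}
static_assert(data_extent() == static_cast<std::size_t>(kExtent),
              "extent and bound come from the same constant");

// For comparison only: volatile operands force this copy of the expression
// to be evaluated at run time, where rounding may differ from translation time.
int runtime_size() {
    volatile double a = 0.2, b = 0.1;
    return 1 + int(1 + a - b - b);
}

// Checked accessor: rejects any index outside the real extent, wherever the
// index was computed.
bool checked_get(int index, char& out) {
    if (index < 0 || static_cast<std::size_t>(index) >= data_extent()) {
        return false;
    }
    out = g_data[index];
    return true;
}

int main() {
    char c = 0;
    int r = runtime_size();
    std::printf("compile-time extent: %zu, run-time size: %d\n", data_extent(), r);
    std::printf("access at run-time size - 1 %s\n",
                checked_get(r - 1, c) ? "accepted" : "rejected");
    return 0;
}
```

Whether the compile-time and run-time values agree depends on the implementation's floating-point evaluation; the checked accessor stays within the array either way.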

6.55.2 Avoidance mechanisms for language users

To avoid the vulnerability or mitigate its ill effects, C++ software developers can: