The vulnerability as described in ISO/IEC 24772-1:2019 clause 6.55 applies to C++.
In the following example, the value of size can differ from the length of data: the extent of data must be calculated at compile time, whereas size can be calculated either at compile time or during program execution. This is one source of unspecified behaviour.
char data[1 + int(1 + 0.2 - 0.1 - 0.1)] = { }; // compile-time evaluation
int size = 1 + int(1 + 0.2 - 0.1 - 0.1); // compile-time or run-time evaluation
char f() { return data[size-1]; } // Possible buffer overflow
To avoid the vulnerability or mitigate its ill effects, C++ software developers can:
Apply the avoidance mechanisms of ISO/IEC 24772-1 clause 6.55.5.
Use static analysis tools and multiple compilers/tools from different sources to help identify occurrences of unspecified behaviour.
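One way to remove the mismatch from the example above, as an added illustration that is not part of ISO/IEC 24772 or the original text: the floating-point expression is evaluated once as a constant, the size is read back from the array, and a size that arrives from elsewhere is validated before it is used as an index. The names kExtent, buf, buf_size, hardened_f, runtime_size and checked_last are assumptions made for this example.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>

// Evaluate the floating-point expression once, in a context that must be a
// constant expression. Every later use refers to this one result.
constexpr std::size_t kExtent = 1 + int(1 + 0.2 - 0.1 - 0.1);
static_assert(kExtent >= 1, "buffer needs at least one element");

std::array<char, kExtent> buf = {};  // the extent is the single source of truth

// The size is read back from the object, never recomputed from the expression.
std::size_t buf_size() { return buf.size(); }

// Hardened counterpart of f(): the index cannot disagree with the extent.
char hardened_f() { return buf[buf_size() - 1]; }

// The hazard: the same expression recomputed during execution. The volatile
// operands force run-time arithmetic, whose rounding may differ from kExtent.
std::size_t runtime_size() {
    volatile double a = 0.2, b = 0.1;
    return 1 + int(1 + a - b - b);
}

// For a size that does arrive from elsewhere: validate before indexing.
bool checked_last(std::size_t size, char &out) {
    if (size == 0 || size > buf.size()) return false;  // would be out of bounds
    out = buf[size - 1];
    return true;
}

int main() {
    char c = 0;
    std::size_t r = runtime_size();
    std::printf("extent=%zu runtime=%zu accepted=%d\n",
                kExtent, r, checked_last(r, c) ? 1 : 0);
    return 0;
}
```

Whether the run-time size is accepted depends on the platform's floating-point evaluation, which is the unspecified behaviour the clause describes; the check makes either outcome safe.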