c++11 使用c++风格的cast： static_cast<type>(expression) const_cast<type> dynamic_cast reinterpret_cast

c++编程中， 尽量避免使用c语言风格的 cast，

具体实例如下：

EXP05-CPP. Do not use C-style casts

Skip to end of metadata

• Created by Fred Long, last modified by Will Snavely on Mar 31, 2015

Go to start of metadata

Icon

This guideline has not been reviewed recently and may be outdated. Please review it and comment to reflect any newly available information.

C++ allows the traditional C-style casts, although it has introduced its own casts:

• static_cast<type>(expression)
• const_cast<type>(expression)
• dynamic_cast<type>(expression)
• reinterpret_cast<type>(expression)

C++ casts allow for more compiler checking and thus are considerably safer to use. They are also easier to find in source code (either by tools or by human readers).

Non-Compliant Code Example (static_cast())

In this example, a C-style cast is used to convert an int to a double:

int dividend, divisor;

// ...

double result = ((double)dividend)/divisor;

Compliant Solution (static_cast())

Using the new cast, the division should be written as:

double result = static_cast<double>(dividend)/divisor;

This code is safer (as the compiler can check that it really is a static type conversion), and the cast is easier to find.

Non-Compliant Code Example (const_cast())

In this example, a C-style cast is used to remove the constness of a function parameter:

void doit(SomeType *pst);

// ...

SomeType st;

SomeType const & cst = st;

// ...

doit((SomeType*)&cst);

Compliant Solution (const_cast())

Using the new cast, the function call should be written as:

doit(const_cast<SomeType*>(&cst));

Again, this is safer (as the compiler can check that the only conversion is to remove the constness), and it is easier to find.

Note that this code runs afoul of EXP55-CPP. Do not access a cv-qualified object through a cv-unqualified type.

The const_cast may also be used to cast away volatility, but that is forbidden by VOID EXP32-CPP. Do not access a volatile object through a non-volatile reference.

Non-Compliant Code Example (dynamic_cast())

In this example, a C-style cast is used to convert a type in an inheritance heirarchy:

class BaseType {// ...};

class DerivedType: public BaseType {// ...};

// ...

void doit(DerivedType *pdt);

// ...

BaseType *apbt[3];

// ...

apbt[1] = new DerivedType;

// ...

doit((DerivedType*)apbt[1]);

Compliant Solution (dynamic_cast())

Using the new cast, the function call should be written as:

doit(dynamic_cast<DerivedType*>(apbt[1]));

In this case, the compiler can check that it really is a conversion between two types in the same inheritance heirarchy.

Non-Compliant Code Example (reinterpret_cast())

In this example, a C-style cast is used to convert a double function pointer to an int function pointer:

typedef int (*IntFuncPtr)();

// ...

IntFuncPtr ifpArray[4];

// ...

double doit();

// ...

ifpArray[2] = (IntFuncPtr)&doit;

Compliant Solution (reinterpret_cast())

Using the new cast, the assignment should be written as:

ifpArray[2] = reinterpret_cast<IntFuncPtr>(&doit);

Once again, the compliant code has the advantage that the cast is much more visible than if a C-style cast is used (although the compiler is not able to check much in the case of a reinterpret_cast).

Risk Assessment

Using C-style casts can lead to type errors because the compiler is unable to apply the checking that is possible when using the more restrictive C++ casts. Type errors could lead to an attacker being able to execute arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP05-CPP

high

probable

medium

P12

L1

Automated Detection

Tool

Version

Checker

Description

ECLAIR

1.2

CP1.EXP05

Fully implemented

PRQA QA-C++v3.23080,3082