c++编程中，尽量避免使用c语言风格的 cast，

Icon

This guideline has not been reviewed recently and may be outdated. Please review it and comment to reflect any newly available information.

C++ allows the traditional C-style casts, although it has introduced its own casts:

static_cast<type>(expression)

const_cast<type>(expression)

dynamic_cast<type>(expression)

reinterpret_cast<type>(expression)

C++ casts allow for more compiler checking and thus are considerably safer to use. They are also easier to find in source code (either by tools or by human readers).

Non-Compliant Code Example (`static_cast()`)

In this example, a C-style cast is used to convert an int to a double:

                      
int
dividend, divisor;
// ...
double
result = ((
double
)dividend)/divisor;
           
         

Compliant Solution (`static_cast()`)

Using the new cast, the division should be written as:

                      
double
result = 
static_cast
<
double
>(dividend)/divisor;
           
         

This code is safer (as the compiler can check that it really is a static type conversion), and the cast is easier to find.

Non-Compliant Code Example (`const_cast()`)

In this example, a C-style cast is used to remove the constness of a function parameter:

                      
void
doit(SomeType *pst);
// ...
SomeType st;
SomeType 
const
& cst = st;
// ...
doit((SomeType*)&cst);
           
         

Compliant Solution (`const_cast()`)

Using the new cast, the function call should be written as:

                      
doit(
const_cast
<SomeType*>(&cst));

Again, this is safer (as the compiler can check that the only conversion is to remove the constness), and it is easier to find.

Note that this code runs afoul of .

The const_cast may also be used to cast away volatility, but that is forbidden by .

Non-Compliant Code Example (`dynamic_cast()`)

In this example, a C-style cast is used to convert a type in an inheritance heirarchy:

                      
class
BaseType { 
// ...};
class
DerivedType: 
public
BaseType { 
// ...};
// ...
void
doit(DerivedType *pdt);
// ...
BaseType *apbt[3];
// ...
apbt[1] = 
new
DerivedType;
// ...
doit((DerivedType*)apbt[1]);
           
         

Compliant Solution (`dynamic_cast()`)

Using the new cast, the function call should be written as:

                      
doit(
dynamic_cast
<DerivedType*>(apbt[1]));

In this case, the compiler can check that it really is a conversion between two types in the same inheritance heirarchy.

Non-Compliant Code Example (`reinterpret_cast()`)

In this example, a C-style cast is used to convert a double function pointer to an int function pointer:

                      
typedef
int
(*IntFuncPtr)();
// ...
IntFuncPtr ifpArray[4];
// ...
double
doit();
// ...
ifpArray[2] = (IntFuncPtr)&doit;
           
         

Compliant Solution (`reinterpret_cast()`)

Using the new cast, the assignment should be written as:

                      
ifpArray[
2
] = reinterpret_cast<IntFuncPtr>(&doit);

Once again, the compliant code has the advantage that the cast is much more visible than if a C-style cast is used (although the compiler is not able to check much in the case of a reinterpret_cast).

Risk Assessment

Using C-style casts can lead to type errors because the compiler is unable to apply the checking that is possible when using the more restrictive C++ casts. Type errors could lead to an attacker being able to execute arbitrary code.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
EXP05-CPP	high	probable	medium	P12	L1

Automated Detection

Tool

Version

Checker

Description

1.2

CP1.EXP05

Fully implemented

v3.2

3080,3082

c++编程中， 尽量避免使用c语言风格的 cast，

Non-Compliant Code Example (static_cast())

Compliant Solution (static_cast())

Non-Compliant Code Example (const_cast())

Compliant Solution (const_cast())

Non-Compliant Code Example (dynamic_cast())

Compliant Solution (dynamic_cast())

Non-Compliant Code Example (reinterpret_cast())

Compliant Solution (reinterpret_cast())