CodeQL documentation

Unsafe use of this in constructor

ID: cpp/unsafe-use-of-this
Kind: path-problem
Security severity: 7.5
Severity: error
Precision: very-high
Tags:
- correctness
- language-features
- security
- external/cwe/cwe-670
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls


This rule finds calls to pure virtual member functions in constructors and destructors. When executing the body of a constructor of class T, the virtual table of T refers to the virtual table of one of T’s base classes. This can produce unexpected behavior, including program abort that can lead to denial of service attacks. The same problem exists during destruction of an object.

Recommendation

Do not rely on virtual dispatch in constructors and destructors. Instead, each class should be responsible for acquiring and releasing its resources. If a base class needs to refer to a derived class during initialization, use the Dynamic Binding During Initialization idiom.

Example

class Base {
private:
  // pure virtual member function used for initialization of derived classes.
  virtual void construct() = 0;

public:
  Base() {
    // wrong: the virtual table of `Derived` has not been initialized yet. So this
    // call will resolve to `Base::construct`, which cannot be called as it is a pure
    // virtual function.
    construct();
  }
};

class Derived : public Base {
  int field;
  void construct() override { field = 1; }
};
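A constructor-safe counterpart to the example above, added here as an illustration rather than taken from the CodeQL documentation: the factory form of the Dynamic Binding During Initialization idiom, in which the pure virtual hook is invoked only after the most-derived constructor has returned, so dispatch reaches the derived override instead of the pure virtual base function. The names SafeBase, SafeDerived, create and initializedValue are assumed for this example.

```cpp
#include <memory>
#include <utility>

// Illustrative names (SafeBase, SafeDerived, create, initializedValue) are assumed
// for this example; they are not part of the CodeQL query or its documentation.
class SafeBase {
protected:
  // Still a pure virtual initialization hook, but the constructor never calls it.
  virtual void construct() = 0;

public:
  SafeBase() = default;
  virtual ~SafeBase() = default;

  // Factory: construction of the most-derived type T completes before the hook
  // runs, so the object's virtual table already refers to T's implementation.
  template <typename T, typename... Args>
  static std::unique_ptr<T> create(Args&&... args) {
    std::unique_ptr<T> obj(new T(std::forward<Args>(args)...));
    // Called through SafeBase&: protected access is permitted inside a member of
    // SafeBase, and virtual dispatch selects T::construct at runtime.
    static_cast<SafeBase&>(*obj).construct();
    return obj;
  }
};

class SafeDerived : public SafeBase {
  int field = 0;
  // The override may stay private; it is reached only via SafeBase::create.
  void construct() override { field = 1; }

public:
  int value() const { return field; }
};

// Creating the object through the factory yields a fully initialized SafeDerived.
int initializedValue() {
  auto d = SafeBase::create<SafeDerived>();
  return d->value();  // 1
}
```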
