KEMBAR78
C++ Secure Programming | ODP
Marian Marinov, profile picture
Uploaded byMarian Marinov
ODP, PPTX122 views

C++ Secure Programming

The document discusses various C++ security issues and best practices for avoiding them. It covers topics like index out of bounds errors, pointer arithmetic, uninitialized variables, memory leaks, dereferencing null pointers, copy constructors and assignment operators. For each issue, it provides recommendations such as using vectors instead of arrays, avoiding pointer arithmetic, initializing variables, using smart pointers instead of raw pointers, and properly implementing copy constructors and assignment operators. The overall document provides guidance on writing more secure C++ code by avoiding common problems and vulnerabilities.

Download as ODP, PPTX
#include <mutex> #include <thread> const size_t maxThreads = 10; void do_work(size_t i, std::mutex *pm) { std::lock_guard<std::mutex> lk(*pm); // Access data protected by the lock. } void start_threads() { std::thread threads[maxThreads]; std::mutex m; for (size_t i = 0; i < maxThreads; ++i) { threads[i] = std::thread(do_work, i, &m); } } Writing Secure C++
427 pages
117 pages
● Index out of bounds ● Pointer Arithmetic ● Invalid Pointer, References & Iterators ● Uninitialized Variables ● Memory leaks ● Dereferencing NULL Pointers ● Copy Constructor & Assignment operators
● First obvious thing... – DO NOT MIX C and C++ code ● First obvious example - MySQL ● Garbage collection – Managed C++ ● http://managedcpp.sourceforge.net ● uses precise (depends on the type safety properties) – BoehmGC ● http://www.hboehm.info/gc/ ● uses conservative (slower) – gcnew/gcdelete methods
Index out of bounds #define N 10 T static_array[N]; int n = 20; T* dynamic_array= new T[n]; std::vector<T> vector_array; array[index] = x; Safe C++ suggests: 1. overload the [] operator 2. use vectors
Index out of bounds std::vector<T> vector_array; Problem with vectors - they are dynamically allocated - they are allocating larger chunks during initialization - every time the limit of a vector is reached a new one is created and old values are copied
Index out of bounds * Do not use static or dynamically allocated arrays. Use a template array or vector instead. * Do not use new and delete operators with brackets, leave it up to the template vector to allocate multiple elements. * Use scpp:vector instead of std::vector and scpp::array consistently instead of a static array, and switch the sanity checks on. * For a multidimensional array, use scpp::matrix and access elements through the () operator to provide index-out-of-bounds checks.
Pointer arithmetic vector<int> v; for (int i=0; i<10; i++) v.push_back(i); int *ptr = &v[3]; cout << “Element: “ << (*ptr) << endl; cout << “Address: “ << ptr << endl; cout << “Adding more elements” << endl; for (int i=0; i<10; i++) v.push_back(i*10); cout << “Element: “ << (*ptr) << endl; cout << “Address: “ << &v[3] << endl; Element: 3 Address: 0x1001000cc Adding more elements Element: 3 Address: 0x10010028c
Pointer arithmetic vector<int> v; for (int i=0; i<10; i++) v.push_back(i); int* ptr = &v[3]; same as int& ptr = v[3]; vector<int>::const_iterator new1 = v.begin; - this has the same issue as the previous example The same is true for almost all STL and STL like containers. hash_set & hash_map are also the same
Pointer arithmetic * Do not hold pointers, references, or iterators to the element of a container after you’ve modified the container. * Avoid pointer arithmetic(where possible). Use template vector or array with index instead.
Uninitialized Variables * Do not use built-in types such as int, unsigned, double, bool, etc., for class data members. - Instead, use Int, Unsigned, Double, Bool, etc., because you will not need to initialize them in constructors. * Use these new classes instead of built-in types for passing parameters to functions, to get additional type safety.
Uninitialized Variables * auto_ptr / unique_ptr - limited garbage collection by automatically calling delete in the destructor * also called smart pointers * Scoped Pointers - can't be copied -
Memory Leaks { MyClass* my_class_object = new MyClass; DoSomething(my_class_object); } // memory leak!!! MyClass* my_class_object = new MyClass; DoSomething(my_class_object); my_class_object = NULL; // memory leak!!!
Memory Leaks T* dynamic_array = new T[n]; delete T;
Memory Leaks T* dynamic_array = new T[n]; delete T; but had to be: delete [] T;
Dereferencing NULL pointers * If you have a pointer that owns the object it points to, use a smart pointer (a reference counting pointer or scoped pointer). * When you have a raw pointer T* pointing to an object you do not own, use the template class Ptr<T> instead. * For a const pointer (i.e., const T*) use Ptr<const T>.
Copy Constructors and Assignment Operators Each time you add a new data member in a class do not forget to add corresponding code to the copy-constructor and assignment operators! If you DON'T... C++ creates “defaults” for you.
Copy Constructors and Assignment Operators * Rely on default versions created for you automatically by a compiler. * Prohibit copies of any kind by declaring the copy constructor and assignment operator as private, and do not provide an implementation. * Write your own versions.
Copy Constructors and Assignment Operators * Whenever possible, avoid writing a copy-constructor or assignment operator for your classes. * If the default versions do not work for you, consider prohibiting the copying of instances of your class by declaring the copy-constructor and assignment operator private.
Others * DCL50-CPP. Do not define a C-style variadic function * EXP50-CPP. Do not depend on the order of evaluation for side effects * MEM51-CPP. Properly deallocate dynamically allocated resources
total 2070 pages

More Related Content

DOCX
Arrry structure Stacks in data structure
bylodhran-hayat
 
PPTX
Dynamic Objects,Pointer to function,Array & Pointer,Character String Processing
byMeghaj Mallick
 
PPT
Vector3
byRajendran
 
PDF
2 BytesC++ course_2014_c9_ pointers and dynamic arrays
bykinan keshkeh
 
PPTX
Chp4(ref dynamic)
byMohd Effandi
 
PPT
Lecture#8 introduction to array with examples c++
byNUST Stuff
 
PDF
Pointer in c++ part3
bySubhasis Nayak
 
PPTX
Vector class in C++
byJawad Khan
 
Arrry structure Stacks in data structure
bylodhran-hayat
 
Dynamic Objects,Pointer to function,Array & Pointer,Character String Processing
byMeghaj Mallick
 
Vector3
byRajendran
 
2 BytesC++ course_2014_c9_ pointers and dynamic arrays
bykinan keshkeh
 
Chp4(ref dynamic)
byMohd Effandi
 
Lecture#8 introduction to array with examples c++
byNUST Stuff
 
Pointer in c++ part3
bySubhasis Nayak
 
Vector class in C++
byJawad Khan
 

What's hot

PDF
Arrays in C++
byIlio Catallo
 
PPT
Arrays
byarchikabhatia
 
PDF
Notes for C++ Programming / Object Oriented C++ Programming for MCA, BCA and ...
byssuserd6b1fd
 
PDF
c programming
byArun Umrao
 
PPTX
Pointer
bykhyati thakkar
 
PPTX
#OOP_D_ITS - 3rd - Pointer And References
byHadziq Fabroyir
 
PPT
Lecture#9 Arrays in c++
byNUST Stuff
 
PPTX
expression in cpp
bygourav kottawar
 
PDF
Multidimensional arrays in C++
byIlio Catallo
 
PDF
String searching
byRussell Childs
 
PPT
Pointers
bysanya6900
 
PDF
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 5 of 5 by...
byssuserd6b1fd
 
PDF
Core Java Programming Language (JSE) : Chapter V - Arrays
byWebStackAcademy
 
PDF
c programming
byArun Umrao
 
DOC
Oops lab manual2
byMouna Guru
 
PPT
Arrays
byfahadshakeel
 
PPTX
Learning C++ - Pointers in c++ 2
byAli Aminian
 
PPTX
constructors
byDeepikaT13
 
PDF
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
byssuserd6b1fd
 
PPTX
C++11
bySasha Goldshtein
 
Arrays in C++
byIlio Catallo
 
Arrays
byarchikabhatia
 
Notes for C++ Programming / Object Oriented C++ Programming for MCA, BCA and ...
byssuserd6b1fd
 
c programming
byArun Umrao
 
Pointer
bykhyati thakkar
 
#OOP_D_ITS - 3rd - Pointer And References
byHadziq Fabroyir
 
Lecture#9 Arrays in c++
byNUST Stuff
 
expression in cpp
bygourav kottawar
 
Multidimensional arrays in C++
byIlio Catallo
 
String searching
byRussell Childs
 
Pointers
bysanya6900
 
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 5 of 5 by...
byssuserd6b1fd
 
Core Java Programming Language (JSE) : Chapter V - Arrays
byWebStackAcademy
 
c programming
byArun Umrao
 
Oops lab manual2
byMouna Guru
 
Arrays
byfahadshakeel
 
Learning C++ - Pointers in c++ 2
byAli Aminian
 
constructors
byDeepikaT13
 
Notes for C Programming for MCA, BCA, B. Tech CSE, ECE and MSC (CS) 4 of 5 by...
byssuserd6b1fd
 
C++11
bySasha Goldshtein
 

Similar to C++ Secure Programming

PPT
Beware of Pointers
byppd1961
 
PDF
Bjarne essencegn13
byHunde Gurmessa
 
PPT
Memory Management In C++
byShriKant Vashishtha
 
PPT
Advance features of C++
byvidyamittal
 
PPT
Cppt 101102014428-phpapp01
byGetachew Ganfur
 
PPT
Link list
byMalainine Zaid
 
PPTX
Introduction to modern c++ principles(part 1)
byOky Firmansyah
 
PDF
Pointers
byProf. Dr. K. Adisesha
 
PPTX
What's New in C++ 11/14?
byDina Goldshtein
 
PPTX
Smart pointers
byVishal Mahajan
 
PPTX
function Overloading & Virtual Functions
bysontibhanuprasad
 
PPTX
Function Overloading and Arrays of Objects in CPP.pptx
bysontibhanuprasad
 
PDF
The c++coreguidelinesforsavercode
byDivyang Panchasara
 
PPT
C++tutorial
bydips17
 
PPTX
Object Oriented Paradighm programming lecture .pptx
byZainabNoor83
 
PPTX
C traps and pitfalls for C++ programmers
byRichard Thomson
 
PPTX
Data structure and Algorithms (C++).pptx
byammarasalmanqureshi7
 
PPT
C++ Memory Management
byAnil Bapat
 
PDF
CS225_Prelecture_Notes 2nd
byEdward Chen
 
PPT
Pointers_in_c.pptfffgfggdggffffrreeeggttr
byMorfaSafi
 
Beware of Pointers
byppd1961
 
Bjarne essencegn13
byHunde Gurmessa
 
Memory Management In C++
byShriKant Vashishtha
 
Advance features of C++
byvidyamittal
 
Cppt 101102014428-phpapp01
byGetachew Ganfur
 
Link list
byMalainine Zaid
 
Introduction to modern c++ principles(part 1)
byOky Firmansyah
 
Pointers
byProf. Dr. K. Adisesha
 
What's New in C++ 11/14?
byDina Goldshtein
 
Smart pointers
byVishal Mahajan
 
function Overloading & Virtual Functions
bysontibhanuprasad
 
Function Overloading and Arrays of Objects in CPP.pptx
bysontibhanuprasad
 
The c++coreguidelinesforsavercode
byDivyang Panchasara
 
C++tutorial
bydips17
 
Object Oriented Paradighm programming lecture .pptx
byZainabNoor83
 
C traps and pitfalls for C++ programmers
byRichard Thomson
 
Data structure and Algorithms (C++).pptx
byammarasalmanqureshi7
 
C++ Memory Management
byAnil Bapat
 
CS225_Prelecture_Notes 2nd
byEdward Chen
 
Pointers_in_c.pptfffgfggdggffffrreeeggttr
byMorfaSafi
 

More from Marian Marinov

PDF
How to start and then move forward in IT
byMarian Marinov
 
PDF
Thinking about highly-available systems and their setup
byMarian Marinov
 
PDF
Understanding your memory usage under Linux
byMarian Marinov
 
PDF
How to implement PassKeys in your application
byMarian Marinov
 
PDF
Dev.bg DevOps March 2024 Monitoring & Logging
byMarian Marinov
 
PDF
Basic presentation of cryptography mechanisms
byMarian Marinov
 
PDF
Microservices: Benefits, drawbacks and are they for me?
byMarian Marinov
 
PDF
Introduction and replication to DragonflyDB
byMarian Marinov
 
PDF
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
byMarian Marinov
 
PDF
How to successfully migrate to DevOps .pdf
byMarian Marinov
 
PDF
How to survive in the work from home era
byMarian Marinov
 
PDF
Managing sysadmins
byMarian Marinov
 
PDF
Improve your storage with bcachefs
byMarian Marinov
 
PDF
Control your service resources with systemd
byMarian Marinov
 
PDF
Comparison of-foss-distributed-storage
byMarian Marinov
 
PDF
Защо и как да обогатяваме знанията си?
byMarian Marinov
 
PDF
Securing your MySQL server
byMarian Marinov
 
PDF
Sysadmin vs. dev ops
byMarian Marinov
 
PDF
DoS and DDoS mitigations with eBPF, XDP and DPDK
byMarian Marinov
 
PDF
Challenges with high density networks
byMarian Marinov
 
How to start and then move forward in IT
byMarian Marinov
 
Thinking about highly-available systems and their setup
byMarian Marinov
 
Understanding your memory usage under Linux
byMarian Marinov
 
How to implement PassKeys in your application
byMarian Marinov
 
Dev.bg DevOps March 2024 Monitoring & Logging
byMarian Marinov
 
Basic presentation of cryptography mechanisms
byMarian Marinov
 
Microservices: Benefits, drawbacks and are they for me?
byMarian Marinov
 
Introduction and replication to DragonflyDB
byMarian Marinov
 
Message Queuing - Gearman, Mosquitto, Kafka and RabbitMQ
byMarian Marinov
 
How to successfully migrate to DevOps .pdf
byMarian Marinov
 
How to survive in the work from home era
byMarian Marinov
 
Managing sysadmins
byMarian Marinov
 
Improve your storage with bcachefs
byMarian Marinov
 
Control your service resources with systemd
byMarian Marinov
 
Comparison of-foss-distributed-storage
byMarian Marinov
 
Защо и как да обогатяваме знанията си?
byMarian Marinov
 
Securing your MySQL server
byMarian Marinov
 
Sysadmin vs. dev ops
byMarian Marinov
 
DoS and DDoS mitigations with eBPF, XDP and DPDK
byMarian Marinov
 
Challenges with high density networks
byMarian Marinov
 

Recently uploaded

PPTX
Heat Transfer Power Point presentation 1.1.pptx
bySolomon Raj
 
DOCX
material selection for preparation of glider
bybityasteraye
 
PDF
Scenario-based WLAN Planning Design for Warehouse.pdf
byomarlameda1
 
PDF
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
PDF
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
PPTX
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
PPT
23 EL PGS Sec-I (Shared).ppt power generation systems
byMehran university of engineering technology Pakistan
 
PDF
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
PDF
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
PDF
Boundary Conditions of field components.pdf
byRCC Institute of Information Technology
 
PPTX
AUV DESIGN and DEVELOPMENT FOR DEEP SEA MINING ( POLYMETALLIC NODULES) in MRC...
byArijit Biswas
 
PDF
(36-50)ANCIENT INGENUITY A REAPPRAISAL OF THE ARCHITECTURAL (3 files merged).pdf
byDharmsinh Desai of University
 
PPT
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
PPTX
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
PDF
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
PDF
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
PPTX
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
PDF
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
PPT
Basic electronics concepts like what is resistor , inductor capacitor
byibrahimshaikh112026
 
PDF
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 
Heat Transfer Power Point presentation 1.1.pptx
bySolomon Raj
 
material selection for preparation of glider
bybityasteraye
 
Scenario-based WLAN Planning Design for Warehouse.pdf
byomarlameda1
 
International Journal of Network Security & Its Applications (IJNSA)
byIJNSA Journal
 
(17-30)Geotechnical Research in India - Scenario up to 2025.pdf
byDharmsinh Desai of University
 
COLLAGE PLACEMENT MANAGEMENT SYSTEM.pptx
bychaitanyachopade08
 
23 EL PGS Sec-I (Shared).ppt power generation systems
byMehran university of engineering technology Pakistan
 
Project photos of Caliagua's new Telemark project for FivePoint.
byjhines4
 
alireza payravi-resume english 1404-07-24.pdf
byAlireza Payravi
 
Boundary Conditions of field components.pdf
byRCC Institute of Information Technology
 
AUV DESIGN and DEVELOPMENT FOR DEEP SEA MINING ( POLYMETALLIC NODULES) in MRC...
byArijit Biswas
 
(36-50)ANCIENT INGENUITY A REAPPRAISAL OF THE ARCHITECTURAL (3 files merged).pdf
byDharmsinh Desai of University
 
GSM concepts_Slide with frame structure.ppt
byATULJOSHI721117
 
Semiconductor and diode theory and application.pptx
bygetnetzegeye
 
Somnath Mukherjee_BIM Specialist_Resume.pdf
bySomnathMukherjee980757
 
【EN】Accelerating Flutter UI Development with 
Figma Dev Mode MCP × Claude Code
byYuta Asada
 
Understanding UL Wire Options that Surpass Industry Standards
byEpec Engineered Technologies
 
TOPIC 1.2 THE CONSTRUCTION PROJECT BY KJFF
byKHEN49
 
Basic electronics concepts like what is resistor , inductor capacitor
byibrahimshaikh112026
 
Overcoming QoS Challenges in a Full Automotive Ethernet Architecture
byRealTime-at-Work (RTaW)
 

C++ Secure Programming

  • 1.
    #include <mutex> #include <thread> constsize_t maxThreads = 10; void do_work(size_t i, std::mutex *pm) { std::lock_guard<std::mutex> lk(*pm); // Access data protected by the lock. } void start_threads() { std::thread threads[maxThreads]; std::mutex m; for (size_t i = 0; i < maxThreads; ++i) { threads[i] = std::thread(do_work, i, &m); } } Writing Secure C++
  • 2.
  • 3.
  • 4.
    ● Index outof bounds ● Pointer Arithmetic ● Invalid Pointer, References & Iterators ● Uninitialized Variables ● Memory leaks ● Dereferencing NULL Pointers ● Copy Constructor & Assignment operators
  • 5.
    ● First obviousthing... – DO NOT MIX C and C++ code ● First obvious example - MySQL ● Garbage collection – Managed C++ ● http://managedcpp.sourceforge.net ● uses precise (depends on the type safety properties) – BoehmGC ● http://www.hboehm.info/gc/ ● uses conservative (slower) – gcnew/gcdelete methods
  • 6.
    Index out ofbounds #define N 10 T static_array[N]; int n = 20; T* dynamic_array= new T[n]; std::vector<T> vector_array; array[index] = x; Safe C++ suggests: 1. overload the [] operator 2. use vectors
  • 7.
    Index out ofbounds std::vector<T> vector_array; Problem with vectors - they are dynamically allocated - they are allocating larger chunks during initialization - every time the limit of a vector is reached a new one is created and old values are copied
  • 8.
    Index out ofbounds * Do not use static or dynamically allocated arrays. Use a template array or vector instead. * Do not use new and delete operators with brackets, leave it up to the template vector to allocate multiple elements. * Use scpp:vector instead of std::vector and scpp::array consistently instead of a static array, and switch the sanity checks on. * For a multidimensional array, use scpp::matrix and access elements through the () operator to provide index-out-of-bounds checks.
  • 9.
    Pointer arithmetic vector<int> v; for(int i=0; i<10; i++) v.push_back(i); int *ptr = &v[3]; cout << “Element: “ << (*ptr) << endl; cout << “Address: “ << ptr << endl; cout << “Adding more elements” << endl; for (int i=0; i<10; i++) v.push_back(i*10); cout << “Element: “ << (*ptr) << endl; cout << “Address: “ << &v[3] << endl; Element: 3 Address: 0x1001000cc Adding more elements Element: 3 Address: 0x10010028c
  • 10.
    Pointer arithmetic vector<int> v; for(int i=0; i<10; i++) v.push_back(i); int* ptr = &v[3]; same as int& ptr = v[3]; vector<int>::const_iterator new1 = v.begin; - this has the same issue as the previous example The same is true for almost all STL and STL like containers. hash_set & hash_map are also the same
  • 11.
    Pointer arithmetic * Donot hold pointers, references, or iterators to the element of a container after you’ve modified the container. * Avoid pointer arithmetic(where possible). Use template vector or array with index instead.
  • 12.
    Uninitialized Variables * Donot use built-in types such as int, unsigned, double, bool, etc., for class data members. - Instead, use Int, Unsigned, Double, Bool, etc., because you will not need to initialize them in constructors. * Use these new classes instead of built-in types for passing parameters to functions, to get additional type safety.
  • 13.
    Uninitialized Variables * auto_ptr/ unique_ptr - limited garbage collection by automatically calling delete in the destructor * also called smart pointers * Scoped Pointers - can't be copied -
  • 14.
    Memory Leaks { MyClass* my_class_object= new MyClass; DoSomething(my_class_object); } // memory leak!!! MyClass* my_class_object = new MyClass; DoSomething(my_class_object); my_class_object = NULL; // memory leak!!!
  • 15.
    Memory Leaks T* dynamic_array= new T[n]; delete T;
  • 16.
    Memory Leaks T* dynamic_array= new T[n]; delete T; but had to be: delete [] T;
  • 17.
    Dereferencing NULL pointers *If you have a pointer that owns the object it points to, use a smart pointer (a reference counting pointer or scoped pointer). * When you have a raw pointer T* pointing to an object you do not own, use the template class Ptr<T> instead. * For a const pointer (i.e., const T*) use Ptr<const T>.
  • 18.
    Copy Constructors and AssignmentOperators Each time you add a new data member in a class do not forget to add corresponding code to the copy-constructor and assignment operators! If you DON'T... C++ creates “defaults” for you.
  • 19.
    Copy Constructors and AssignmentOperators * Rely on default versions created for you automatically by a compiler. * Prohibit copies of any kind by declaring the copy constructor and assignment operator as private, and do not provide an implementation. * Write your own versions.
  • 20.
    Copy Constructors and AssignmentOperators * Whenever possible, avoid writing a copy-constructor or assignment operator for your classes. * If the default versions do not work for you, consider prohibiting the copying of instances of your class by declaring the copy-constructor and assignment operator private.
  • 21.
    Others * DCL50-CPP. Donot define a C-style variadic function * EXP50-CPP. Do not depend on the order of evaluation for side effects * MEM51-CPP. Properly deallocate dynamically allocated resources
  • 22.