c++11 使用c++风格的cast： static_cast<type>(expression) const_cast<type> dynamic_cast reinterpret_cast

c++编程中， 尽量避免使用c语言风格的 cast，

具体实例如下：

EXP05-CPP. Do not use C-style casts

Skip
to end of metadata

Created by Fred Long, last modified by Will
Snavely on Mar
31, 2015

Go
to start of metadata

Icon

This guideline has not been reviewed recently and may be outdated. Please review it and comment to reflect any newly available information.

C++ allows the traditional C-style casts, although it has introduced its own casts:

static_cast<type>(expression)

const_cast<type>(expression)

dynamic_cast<type>(expression)

reinterpret_cast<type>(expression)

C++ casts allow for more compiler checking and thus are considerably safer to use. They are also easier to find in source code (either by tools or by human readers).

Non-Compliant Code Example (

static_cast()

)

In this example, a C-style cast is used to convert an

int

to a

double

:

Compliant Solution (

static_cast()

)

Using the new cast, the division should be written as:

This code is safer (as the compiler can check that it really is a static type conversion), and the cast is easier to find.

Non-Compliant Code Example (

const_cast()

)

In this example, a C-style cast is used to remove the

const

ness of a function parameter:

Compliant Solution (

const_cast()

)

Using the new cast, the function call should be written as:

Again, this is safer (as the compiler can check that the only conversion is to remove the

const

ness), and it is easier to find.

Note that this code runs afoul of EXP55-CPP.
Do not access a cv-qualified object through a cv-unqualified type.

The

const_cast

may also be used to cast away volatility, but that is forbidden by VOID
EXP32-CPP. Do not access a volatile object through a non-volatile reference.

Non-Compliant Code Example (

dynamic_cast()

)

In this example, a C-style cast is used to convert a type in an inheritance heirarchy:

Compliant Solution (

dynamic_cast()

)

Using the new cast, the function call should be written as:

In this case, the compiler can check that it really is a conversion between two types in the same inheritance heirarchy.

Non-Compliant Code Example (

reinterpret_cast()

)

In this example, a C-style cast is used to convert a

double

function pointer to an

int

function pointer:

Compliant Solution (

reinterpret_cast()

)

Using the new cast, the assignment should be written as:

Once again, the compliant code has the advantage that the cast is much more visible than if a C-style cast is used (although the compiler is not able to check much in the case of a

reinterpret_cast

).

Risk Assessment

Using C-style casts can lead to type errors because the compiler is unable to apply the checking that is possible when using the more restrictive C++ casts. Type errors could lead to an attacker being able to execute arbitrary code.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
EXP05-CPP	high	probable	medium	P12	L1

Automated Detection

Tool	Version	Checker	Description
ECLAIR	1.2	CP1.EXP05	Fully implemented
PRQA QA-C++	v3.2	3080,3082