CERT C++: EXP51-CPP

Do not delete an array through a pointer of the incorrect type

Since R2022b

expand all in page

Description

Rule Definition

Do not delete an array through a pointer of the incorrect type.¹

Polyspace Implementation

The rule checker checks for the issue Delete operator used to destroy downcast object of different type.

Examples

expand all

Delete Operator Used to Destroy Downcast Object of Different Type

Issue

This issue occurs when an array object is deleted through a pointer type that is different from the pointer type of the object.

Risk

Deleting an array through the incorrect pointer type results in undefined behavior.

Fix

Match the static pointer type to the dynamic type of the object.

Example — Delete Downcast Object Through Different Static Pointer Type than Dynamic Object Type

struct Shape {
	virtual ~Shape() = default;
};

struct Rectangle : Shape {};

void example()
{
	Shape* r = new Rectangle[10];
	// do something
	delete[] r;        //Noncompliant
}

In this example, the pointer to the new Rectangle object is stored as the pointer type Shape*. As Shape and Rectangle are different types, when you attempt to delete the Rectangle array through Shape*, the result is undefined behavior.

Correction — Delete Downcast Object Through Same Static Pointer Type as Dynamic Object Type

struct Shape {
	virtual ~Shape() = default;
};

struct Rectangle : Shape {};

void example()
{
	Rectangle* r = new Rectangle[10];
	// do something
	delete[] r;
}

By changing the pointer type from Shape* to Rectangle*, you can avoid undefined behavior when deleting the array through the pointer. This is because the static type and dynamic type of the object are the same.

Check Information

Group: Rule 02. Expressions (EXP)

Version History

Introduced in R2022b

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.