CERT C++: STR52-CPP

Use valid references, pointers, and iterators to reference elements of a basic_string

Since R2022b

Description

Rule Definition

Use valid references, pointers, and iterators to reference elements of a basic_string.¹

Polyspace Implementation

The rule checker checks for the issue Use of invalid string iterator.

Examples

Issue

This issue occurs when you use an iterator, pointer, or reference to an element of a basic_string object that has been invalidated by actions such as insertion or erasure. This issue is a specific instance of the issue Use of invalid iterator, which causes violations of CERT C++: CTR51-CPP. Consider this code:

	std::string str = "Basic String";
	auto it_begin = str.begin();
	//...
	str.replace(0,5,"Advanced");
	str.insert(it_begin,'A'); // Violation

Here, the iterator it_begin is invalidated after the call to string::replace. Using this invalid iterator in string::insert causes a violation of this rule.

Functions that invalidate an STL iterator also invalidate basic_string iterators. In addition, these functions invalidate a basic_string iterator:

  • std::swap()

  • operator>>(std::basic_istream&, std::string&)

  • std::getline()

Risk

Dereferencing the invalid iterator might produce unexpected results. If the invalidated iterator becomes a dangling pointer or an uninitialized pointer, dereferencing it might cause sudden termination of the program.

Fix

The C++ standard defines which operations invalidate the iterators of the standard library containers. These operations also invalidate string iterators. See Containers library. When you perform actions that might invalidate an iterator, revalidate the iterator. For instance, recalculate the iterator after an insertion or erasure.

Example — Avoid Using Invalid Iterators

#include <string>

void foo(const std::string& raw, std::string& processed) {
  // Process the raw string and store in processed
  auto loc = processed.begin();
  for (auto i = raw.begin(); i != raw.end(); ++i, ++loc) {
    processed.insert(loc, *i != ';' ? *i : ' ');//Noncompliant
  }
}

In this example, the first processed.insert operation in the for loop invalidates the iterator loc. The subsequent use of the iterator loc might result in undefined behavior. Polyspace® reports a violation of this rule.

Correction — Update the Iterator

When you use iterators after an insertion or erasure, update the iterator to avoid undefined behavior. For instance, in this code, the iterator loc is assigned the return value of processed.insert after each insertion so that the iterator remains valid.

#include <string>

void foo(const std::string& raw, std::string& processed) {
  // Process the raw string and store in processed
  auto loc = processed.begin();
  for (auto i = raw.begin(); i != raw.end(); ++i, ++loc) {
    loc = processed.insert(loc, *i != ';' ? *i : ' ');//Compliant
  }
}
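
The revalidation advice from the Fix section, applied to three of the invalidating operations this page names: replace, erasure in a loop, and std::getline. This is an added example, not code from MathWorks or CERT; the function names and sample strings are constructed for illustration.

```cpp
#include <algorithm>
#include <cstddef>
#include <iostream>
#include <sstream>
#include <string>

// The page's first snippet made compliant: keep an offset across replace(),
// then build the iterator from the string as it is after the mutation.
std::string replace_then_insert(std::string str) {
  const std::size_t pos = 0;           // offset of the old begin()
  str.replace(0, 5, "Advanced");       // iterators taken before this are invalid
  str.insert(str.begin() + pos, 'A');  // fresh iterator, valid
  return str;
}

// Erasure in a loop: erase() returns a valid iterator to the element that
// followed the removed one, so continue from the return value.
std::string drop_char(std::string s, char c) {
  for (auto it = s.begin(); it != s.end();) {
    if (*it == c) it = s.erase(it);
    else ++it;
  }
  return s;
}

// std::getline() rewrites `line` on every call, so the separator position is
// recomputed per line and nothing pointing into `line` outlives an iteration.
std::string keys_only(const std::string& text, char sep) {
  std::istringstream in(text);
  std::string line, out;
  while (std::getline(in, line)) {
    const std::size_t n = std::min(line.find(sep), line.size());
    out.append(line, 0, n);  // copies characters, keeps no iterator
    out.push_back('\n');
  }
  return out;
}

int main() {
  // Constructed sample inputs.
  std::cout << replace_then_insert("Basic String") << '\n'
            << drop_char("a;b;;c", ';') << '\n'
            << keys_only("user=alice\nrole=admin\nnosep", '=');
}
```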

Check Information

Group: 05. Characters and Strings (STR)

Version History

Introduced in R2022b


1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.