C ++ Security

What is type security?

Type security is equivalent to memory security to a large extent. type security code does not attempt to access the memory area that is not authorized by itself. "Type security" is often used to describe a programming language based on whether the language provides a mechanism to ensure type security. Sometimes, "type security" is used to describe a program, the criterion for discrimination is whether the program contains implicit type errors. There is no inevitable link between a type-safe programming language and a type-safe program. Good programmers can use less secure languages to write secure programs. On the contrary, a slightly less secure programmer may use a rather secure language to write insecure programs. Absolutely secure programming languages are not yet available.

Type security of C Language

C Only shows type security in local context. For example, if you try to convert a pointer from one struct to another, the compiler reports an error unless Explicit conversions are used. However, many operations in C are insecure. The following are two common examples:

(1) printf format output

/* - print.cpp * version:1.1 */int main(){printf("%d\n",10);system("pause");return 0;}

The above code is very simple. In the printf function, % d matches 10 and the result is correct.

Slightly modify:

/* - print.cpp * version:1.2 */int main(){printf("%f\n",10);system("pause");return 0;}

% F floating point number does not match 10, but the result is:

0.000000
Press any key to continue...
Further, change % F to % S. After compilation, the access violation error is returned.

(2) return values of the malloc Function

Malloc is a function for memory allocation in C. Its return type is void *, which is a null type pointer. It is often used in char * pstr = (char *) malloc (100 * sizeof (char), an explicit type conversion is made here. Type matching is still normal, but once int * pint = (int *) malloc (100 * sizeof (char) occurs, it is likely to cause some problems, such a conversion of C does not prompt errors.

C ++ type security

If C ++ is used properly, it is far more secure than C. Compared with C, C ++ provides some new mechanisms to ensure type security:

(1) the pointer type returned by the new operator strictly matches the object, rather than void *;

(2) In C, many functions with void * as parameters can be rewritten to C ++ template functions, while templates Support Type checks;

(3) introduce the const keyword instead # define constants, which has a type and scope, and # define constants is just a simple text replacement;

(4) Some # define macros can be rewritten as inline functions. Combined with function overloading, multiple types can be supported on the premise of type security. Of course, rewriting to a template can also ensure type security;

(5) C ++ provides the dynamic_cast keyword to make the conversion process safer, because dynamic_cast involves more specific type checks than static_cast.

Even so, C ++ is not an absolutely secure programming language. If not used, the type security cannot be guaranteed. For example, the following two examples:

int i=5;void* pInt=&i;double d=(*(double*)pInt);cout<<d<<endl;

The input result is not 5, but unexpected:-9.25596e + 061. For example:

# Include <iostream> using namespace STD; Class Parent {}; class Child1: Public parent {public: int I; Child1 (int e): I (e ){}}; class child2: Public parent {public: Double D; child2 (double E): D (e) {}}; int main () {Child1 C1 (5 ); child2 C2 (4.1); parent * PP; Child1 * pC1; pp = & C1; pC1 = (Child1 *) pp; // #1 forced conversion, because the type is still Child1 *, no error cout <pC1-> I <Endl; pp = & C2; pC1 = (Child1 *) PP is caused; // #2 forced conversion and type change will cause the error cout <pC1-> I <Endl; System ("pause"); Return 0 ;}

The result is as follows:

5
1717986918
Press any key to continue...

The two examples above cause type insecurity because programmers cannot use it properly. In the first example, void * is used as the null type pointer, and in the second example, It is forced conversion between two type pointers. Therefore, to ensure program type security, try to avoid using void * as a null type pointer, and try not to forcibly convert the two types of pointers.