Parent Class without Virtual Destructor Method

Incomplete Base
Structure: Simple
Description

This occurs when a base class, designed to be inherited from, does not declare its destructor as virtual. This oversight prevents proper cleanup when objects are deleted through a pointer to the parent class.

Extended Description

When you delete a child class object through a pointer to a parent class whose destructor is not virtual, the program calls only the parent's destructor. The child class's own destructor is never invoked, leading to a partial destruction known as 'object slicing.' The child's resources, such as dynamically allocated memory or open file handles, are never released, which is a direct path to memory leaks and corrupted program state.

From a security perspective, while not a direct vulnerability, this unreliable behavior undermines system stability. An attacker who can trigger code paths that rely on this flawed inheritance chain can cause resource exhaustion, crashes, or unexpected behavior. These conditions can potentially be leveraged to bypass security controls or contribute to a larger exploit chain, making the application less predictable and more difficult to defend.
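The following C++ sketch is an added example, not code from the original entry: it places a base class with a non-virtual destructor beside the corrected form and adds a compile-time guard that refuses to create an owning parent pointer for the weak hierarchy. All type and function names (`UnsafeBase`, `SafeBase`, `make_owned`, `open_handles`) are hypothetical.

```cpp
#include <memory>
#include <type_traits>
#include <utility>

// Constructed example; every name here is hypothetical.
static int open_handles = 0;  // stands in for a file handle or heap buffer

// Weak form: meant to be inherited from, but the destructor is not virtual.
struct UnsafeBase {
    ~UnsafeBase() {}
};
struct UnsafeChild : UnsafeBase {
    UnsafeChild()  { ++open_handles; }
    ~UnsafeChild() { --open_handles; }  // not reached when deleted as UnsafeBase*
};

// Corrected form: a virtual destructor makes deletion dispatch to the child.
struct SafeBase {
    virtual ~SafeBase() = default;
};
struct SafeChild : SafeBase {
    SafeChild()  { ++open_handles; }
    ~SafeChild() override { --open_handles; }
};

// True when deleting a Child through a Base* runs the Child's destructor.
template <class Base, class Child>
constexpr bool safe_to_delete_via_base() {
    return std::is_same<Base, Child>::value ||
           (std::is_base_of<Base, Child>::value &&
            std::has_virtual_destructor<Base>::value);
}

// Factory that only hands out an owning Base pointer for a safe hierarchy.
// make_owned<UnsafeBase, UnsafeChild>() fails to compile at the static_assert.
template <class Base, class Child, class... Args>
std::unique_ptr<Base> make_owned(Args&&... args) {
    static_assert(safe_to_delete_via_base<Base, Child>(),
                  "Base needs a virtual destructor to own a Child");
    return std::unique_ptr<Base>(new Child(std::forward<Args>(args)...));
}

// Acquire and release through the parent pointer; returns handles still open.
int handles_after_safe_delete() {
    { auto p = make_owned<SafeBase, SafeChild>(); }  // ~SafeChild runs here
    return open_handles;
}

int main() { return handles_after_safe_delete(); }
```

GCC and Clang can also flag the weak form at build time with `-Wnon-virtual-dtor` and `-Wdelete-non-virtual-dtor`.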

Common Consequences
Scope: Other

Impact: Reduce Reliability

References

[REF-961] Object Management Group (OMG). "Automated Source Code Reliability Measure (ASCRM)". 01-2016.

Taxonomy Mapping
  • OMG ASCRM