logo

Data Element containing Pointer Item without Proper Copy Control Element

Incomplete Base
Structure: Simple
Description

This weakness occurs when a data structure contains a pointer, but the code lacks proper methods to copy or initialize that pointer safely.

Extended Description

When a class or struct contains a raw pointer but doesn't define its own copy constructor or copy assignment operator, the compiler generates default versions. These default methods perform a shallow copy, meaning they copy the pointer address itself, not the data it points to. This leads to multiple objects pointing to the same memory location, causing unpredictable behavior if one object modifies or deletes the data. This unreliability can crash a program or corrupt data. If an attacker can trigger or influence this flawed copying process, they might exploit the resulting instability to cause a denial of service, leak information, or potentially execute arbitrary code by manipulating the program's memory state.
Common Consequences 1
Scope: Other

Impact: Reduce Reliability
References 1
Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG)
01-2016
http://www.omg.org/spec/ASCRM/1.0/
ID: REF-961
Related Weaknesses
ChildOf: Insufficient Adherence to Expected Conventions (CWE-1076)
Taxonomy Mapping
  • OMG ASCRM