ITER.INAPPROPRIATE.MULTIPLE

Iterators with inappropriate container object

The ITER checkers find problems with iterators in containers. The ITER.INAPPROPRIATE.MULTIPLE checker flags instances in which two iterators assigned to different containers are used together with a third container.

Vulnerability and risk

Using an invalid iterator typically results in undefined behavior. For example, using the iterator in the wrong container can result in unpredictable program actions. Code in which an iterator is used in an inappropriate container always provides a false result, so the algorithm won't behave as expected or intended.

Vulnerable code example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
   #include <set>
   using namespace std;
    
 
   void foo(set<int>& cont1, set<int>& cont2, set<int>& cont3)
   {
       set<int>::iterator i = cont1.find(100);
       set<int>::iterator j = cont2.find(200);
       cont3.insert(i, j);
  }
   
  int main() 
  {
      return 0;
  }

In this example, iterator 'i' and iterator 'j', assigned to 'cont1' and 'cont2', respectively, are used to specify a range for 'cont3', which will produce undefined results. Klocwork reports ITER.INAPPROPRIATE.MULTIPLE at line 9.

Related checkers

• ITER.INAPPROPRIATE
• ITER.INAPPROPRIATE.MULTIPLE
• ITER.CONTAINER.MODIFIED
• ITER.END.DEREF.MIGHT
• ITER.END.DEREF.MUST

External guidance

• ARR34-CPP: Use valid iterator ranges

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.