Comment: Edited by sciSpider (sch jbop) (X_X)@==(Q_Q)@

...

char const *p;
void dont_do_this(void) {
    char const str[] = "This will change";
    p = str; /* dangerous: p outlives str, whose lifetime ends on return */
    /* ... */
}

void innocuous(void) {
    char const str[] = "Surprise, surprise";
}
/* ... */
dont_do_this();
innocuous();
/* now, it is likely that p is pointing to "Surprise, surprise" */

...

void this_is_OK(void) {
    char const str[] = "Everything OK";
    char const *p = str;
    /* ... */
}
/* pointer p is now inaccessible outside the scope of string str */

...

char const *p;
void is_this_OK(void) {
    char const str[] = "Everything OK?";
    p = str;
    /* ... */
    p = NULL; /* clear p before the lifetime of str ends */
}

Non-Compliant Code Example (Return Values)

...

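void init_array(char array[]); /* declare before first use */

int main(int argc, char *argv[]) {
   char array[10]; /* storage is owned by the caller and outlives the call */
   init_array(array);
   /* ... */
   return 0;
}

void init_array(char array[]) {
   /* Initialize array */
   return;
}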
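
An added example, not part of the CERT page: the return-of-local pattern that a checker such as RETURN_LOCAL reports, kept out of the build, beside two compliant ways to hand a string back to the caller. The function names and the greeting text are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative names; not code from the CERT page. */

#if 0 /* NONCOMPLIANT, excluded from the build */
char *make_greeting_bad(const char *name) {
    char buf[32];                       /* automatic storage duration */
    snprintf(buf, sizeof buf, "Hello, %s", name);
    return buf;                         /* dangles once the function returns */
}
#endif

/* Compliant option 1: the caller owns the storage and passes its size.
 * Returns 0 on success, -1 on bad arguments or if the text would not fit. */
int make_greeting(char *out, size_t outlen, const char *name) {
    if (out == NULL || outlen == 0 || name == NULL) return -1;
    int n = snprintf(out, outlen, "Hello, %s", name);
    if (n < 0 || (size_t)n >= outlen) {
        out[0] = '\0';                  /* never leave a partial result */
        return -1;
    }
    return 0;
}

/* Compliant option 2: allocated storage duration. The object outlives the
 * call; the caller must free() it. Returns NULL on failure. */
char *make_greeting_alloc(const char *name) {
    if (name == NULL) return NULL;
    int n = snprintf(NULL, 0, "Hello, %s", name);   /* measure first */
    if (n < 0) return NULL;
    char *p = malloc((size_t)n + 1);
    if (p != NULL) snprintf(p, (size_t)n + 1, "Hello, %s", name);
    return p;
}

int main(void) {
    char local[32];
    if (make_greeting(local, sizeof local, "world") == 0) puts(local);
    char *heap = make_greeting_alloc("heap");
    if (heap != NULL) { puts(heap); free(heap); }
    return 0;
}
```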

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

The Coverity Prevent RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable.

...