...
In this compliant solution, p is declared with the same scope as c_str, preventing p from taking on an indeterminate value outside of this_is_OK():
| Code Block | ||||
|---|---|---|---|---|
| ||||
void this_is_OK(void) {
const char c_str[] = "Everything OK";
const char *p = c_str;
/* ... */
}
/* p is inaccessible outside the scope of string c_str */
|
...
If it is necessary for p to be defined with static storage duration but c_str with a more limited duration, then p can be set to NULL before c_str is destroyed. This practice prevents p from taking on an indeterminate value, although any references to p must check for NULL.
...
In this noncompliant code sample, the function squirrel_away() stores a pointer to local stack variable local into a location pointed to by function parameter ptr_param. Upon the return of squirrel_away(), the pointer ptr_param points to a variable that has an expired lifetime.
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...