SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 113

changes.mady.by.user Martin Sebor

Saved on

compared with

New Version 114

changes.mady.by.user Robert Seacord (Manager)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Linked to defined terms.

Wiki Markup
Local, automatic variables can assume unexpected values if they are used before they are initialized. C99 specifies, "If an object that has automatic storage duration is not initialized explicitly, its value is [indeterminate| BB. Definitions#indeterminate value]" \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] (see also [undefined behavior 10 | CC. Undefined Behavior#ub_10] of Annex J). In the common case, on [implementations| BB. Definitions#implementation] that make use of a program stack, this value defaults to whichever values are currently stored in stack memory. While uninitialized memory often contains zeroes, this is not guaranteed. On implementations that include [trap representations|BB. Definitions#trap representation], reading an uninitialized object of any type other than {{unsigned char}} (i.e., including {{int}}) may trigger a trap (see [undefined behavior 11 | CC. Undefined Behavior#ub_11] of Annex J). Consequently, uninitialized memory can cause a program to behave in an unpredictable or unplanned manner, lead to [undefined behavior | BB. Definitions#undefined behavior], and may provide an avenue for attack.

...

Wiki Markup
In this noncompliant code example, the programmer mistakenly fails to set the local variable {{error_log}} to the {{msg}} argument in the {{report_error()}} function \[[mercy 06|AA. C References#mercy 06]\].  Because {{error_log}} has not been initialized, on architectures making use of a program stack, it assumes the value already on the stack at this location, which is a pointer to the stack memory allocated to the {{password}} array.  The {{sprintf()}} call copies data in {{password}} until a null byte is reached. If the length of the string stored in the {{password}} array is greater than the size of the {{buffer}} array, then a buffer overflow occurs.

...

Wiki Markup
\[[Flake 06|AA. C References#Flake 06]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.8, "Initialization"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "LAV Initialization of Variables"
\[[mercy 06|AA. C References#mercy 06]\]
\[[xorl 2009|AA. C References#xorl 2009]\] ["CVE-2009-1888: SAMBA ACLs Uninitialized Memory Read"|http://xorl.wordpress.com/2009/06/26/cve-2009-1888-samba-acls-uninitialized-memory-read/]

...