Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.

Automated Detection

The Coverity Prevent RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable.

References

[ISO/IEC 9899-1999] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"