...
```c
void thisIsOK() {
    const char str[20] = "Everything OK";
    const char *p = str;
    /* ... */
}
// pointer p is now inaccessible outside the scope of string str
```
Exception
It is acceptable to give access to local static variables.
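The exception above, shown as an added example (not code from the original page): a pointer to a local static object stays valid after the function returns, but every call shares the same storage, so a caller-supplied buffer is shown beside it. The function names `status_static`, `status_into` and `static_results_alias` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: returns a pointer to a local *static* buffer.
 * Static storage duration means the object outlives the call, so the
 * returned pointer is not dangling. */
const char *status_static(int code) {
    static char buf[32];
    snprintf(buf, sizeof buf, "status=%d", code);
    return buf;
}

/* Hypothetical alternative: the caller owns the storage, so the object's
 * lifetime is explicit and each result has its own buffer.
 * Returns 0 on success, -1 on bad arguments or truncation. */
int status_into(char *out, size_t outlen, int code) {
    int n;
    if (out == NULL || outlen == 0) {
        return -1;
    }
    n = snprintf(out, outlen, "status=%d", code);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Returns 1 when two results of status_static() refer to the same object
 * and the first result has been overwritten by the second call. */
int static_results_alias(void) {
    const char *a = status_static(1);
    const char *b = status_static(2);
    return a == b && strcmp(a, "status=2") == 0;
}

int main(void) {
    char x[32], y[32];
    printf("static results alias: %d\n", static_results_alias());
    if (status_into(x, sizeof x, 1) == 0 && status_into(y, sizeof y, 2) == 0) {
        printf("%s %s\n", x, y); /* independent buffers keep both values */
    }
    return 0;
}
```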
Risk Assessment
Allowing a function to return or give access to references and pointers to local non-static variables outside of their scope results in a "dangling" pointer. Referencing an object outside of its lifetime could result in an attacker being able to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DAN30 DCL30-C | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
...