...
The lifetime of an object is the portion of program execution during which storage is guaranteed to be reserved for it. An object exists, has a constant address, and retains
its last-stored value throughout its lifetime. If an object is referred to outside of its lifetime, the behavior is undefined. The value of a pointer becomes indeterminate when
the object it points to reaches the end of its lifetime.
Non-Compliant Code Example
This non-compliant code example declares the variable `p` as a pointer to a constant `char` with file scope. The value of `str` is assigned to `p` within the `dontDoThis()` function. However, `str` has automatic storage duration, so the lifetime of `str` ends when the `dontDoThis()` function exits.
...
As a result of this undefined behavior, it is likely that `p` will refer to the string literal `"Surprise, surprise"` after the call to the `innocuous()` function.
Compliant Solution
In this compliant solution, the pointer to the constant `char`, `p`, is moved inside the `thisIsOK()` function so that the pointer cannot be accessed outside the function, and therefore cannot outlive `str`.
```c
void thisIsOK() {
  const char str[20] = "Everything OK";
  const char *p = str;
  /* ... */
} /* pointer p is now inaccessible outside the scope of string str */
```
Exception
It is acceptable to give access to local static variables.
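A worked C example added here (it is not part of the original page) contrasting the three lifetime-safe patterns this rule and its exception allow: keeping `p` confined to the function that owns `str`, returning the address of a local static, and writing into a caller-supplied buffer instead of handing out a pointer to automatic storage. The function names and the `roundtrip_ok` helper are constructed for the example.

```c
#include <stdio.h>
#include <string.h>

/* Compliant: p never outlives the automatic array str it points to. */
size_t use_local_string(void) {
    const char str[20] = "Everything OK";
    const char *p = str;          /* p is unreachable once this function returns */
    return strlen(p);
}

/* The rule's exception: a local static has static storage duration, so
   returning its address is fine; the object lives for the whole program. */
const char *static_message(void) {
    static const char msg[] = "Surprise, surprise";
    return msg;
}

/* Caller-supplied buffer: the caller owns the storage, so the callee never
   hands out a pointer to one of its own automatic variables. */
int copy_message(char *dst, size_t dstsize, const char *src) {
    size_t n;
    if (dst == NULL || src == NULL || dstsize == 0) return -1;
    n = strlen(src);
    if (n >= dstsize) return -1;  /* would not fit with its terminator: refuse */
    memcpy(dst, src, n + 1);
    return 0;
}

/* Helper (constructed for this example): copies into a local buffer with the
   given size limit and reports whether the copy round-tripped intact. */
int roundtrip_ok(size_t limit, const char *src) {
    char buf[32];
    if (limit > sizeof buf) limit = sizeof buf;
    return copy_message(buf, limit, src) == 0 && strcmp(buf, src) == 0;
}

int main(void) {
    printf("%zu\n", use_local_string());               /* 13 */
    printf("%s\n", static_message());                  /* Surprise, surprise */
    printf("%d\n", roundtrip_ok(32, "Everything OK")); /* 1 */
    printf("%d\n", roundtrip_ok(8, "Everything OK"));  /* 0: refused, too small */
    return 0;
}
```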
Risk Assessment
Allowing a function to return or give access to references and pointers to local non-static variables outside of their scope results in a "dangling" pointer, which could allow an attacker to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DAN30-C | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
References
- ISO/IEC 9899:1999, Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"