...
The lifetime of an object is the portion of program execution during which storage is guaranteed to be reserved for it. An object exists, has a constant address, and retains
its last-stored value throughout its lifetime. If an object is referred to outside of its lifetime, the behavior is undefined. The value of a pointer becomes indeterminate when
the object it points to reaches the end of its lifetime.
Non-Compliant Code Example 1
This non-compliant code example declares the variable p as a pointer to a constant char with file scope. The value of str is assigned to p within the dont_do_this() function. However, str has automatic storage duration, so the lifetime of str ends when the dont_do_this() function exits.
...
As a result of this undefined behavior, it is likely that p will refer to the string literal "Surprise, surprise" after the call to the innocuous() function.
Compliant Solution 1
In this compliant solution, the pointer to the constant char p is moved inside the this_is_OK() function, so the variable cannot be accessed outside of the function.
void this_is_OK(void) {
  char const str[] = "Everything OK";
  char const *p = str;
  /* ... */
}
/* pointer p is now inaccessible outside the scope of string str */
Non-Compliant Code Example 2
In this example, the function func() incorrectly returns an automatic pointer from a function.
#include <stdlib.h>

char *func(void) {
  char *loc_ptr = malloc(10);
  if (loc_ptr == NULL) {
    /* Handle error condition */
  }
  /* ... */
  return loc_ptr;
}
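Compliant Solution 1 avoids the problem by never letting p leave the function. When a function does need to hand a string back to its caller, the storage it points to must outlive the call. The following is an added example, not code from the CERT page: it shows two ways to satisfy that requirement, a caller-supplied buffer and static storage duration, and checks that the value is still intact after the callee has returned. The function names init_greeting, static_greeting, greeting_survives and truncation_is_bounded are my own, and the string is a constructed sample.

```c
#include <stddef.h>
#include <string.h>

/* Caller-owned storage: the returned pointer aliases buf, so it stays valid
 * exactly as long as the caller keeps buf alive. Copies at most size-1
 * characters and always NUL-terminates. */
char *init_greeting(char *buf, size_t size) {
  static const char src[] = "Everything OK";   /* constructed sample text */
  size_t n = strlen(src);
  if (buf == NULL || size == 0) {
    return NULL;
  }
  if (n >= size) {
    n = size - 1;                              /* truncate, keep room for NUL */
  }
  memcpy(buf, src, n);
  buf[n] = '\0';
  return buf;
}

/* Static storage duration: msg exists for the whole program, so a pointer to
 * it never dangles. The trade-off is one shared, read-only buffer. */
const char *static_greeting(void) {
  static const char msg[] = "Everything OK";
  return msg;
}

/* Checks that the value is still there after the callee has returned, which is
 * the guarantee lost when a pointer to automatic storage escapes a function. */
int greeting_survives(void) {
  char local[32];
  const char *p = init_greeting(local, sizeof local);
  return p == local
      && strcmp(p, "Everything OK") == 0
      && strcmp(static_greeting(), "Everything OK") == 0;
}

/* Checks the bounded copy into a buffer smaller than the source string. */
int truncation_is_bounded(void) {
  char small[6];                               /* 5 characters plus NUL */
  const char *p = init_greeting(small, sizeof small);
  return p != NULL && strcmp(p, "Every") == 0 && small[5] == '\0';
}
```

As a compile-time check, GCC's -Wreturn-local-addr and Clang's -Wreturn-stack-address warn when a function returns the address of one of its own automatic variables, which catches the pattern behind the non-compliant examples before it reaches a code review.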
Risk Assessment
Referencing an object outside of its lifetime could result in an attacker being able to run arbitrary code.
...