Page History

...

In this example, the function func() incorrectly returns an automatic a pointer from to a functionlocal stack variable.

char * func() {
   char * loc_ptr = malloc(10)a[10] ;
   if (loc_ptr == NULL) {/* ... */
   return   /* Handle Error Condition */ 
   }&a[0];
}

Compiling with appropriate warning levels

Compliant Solution 2

In this example, the function func() incorrectly returns a pointer to a local stack variable.

char * func() {
   char a[10] ;
   /* ... */
   return loc_ptr&a[0];
}

Risk Assessment

Referencing an object outside of its lifetime could result in an attacker being able to run arbitrary code.

...