...

Compiling with appropriate warning levels should generate a warning when a local stack variable is returned from a function.

Compliant Solution 2

Correcting this example depends on the intent of the programmer. If the intent is to modify the value of a and have it available outside of func(), then a can be declared elsewhere and passed as a parameter to func().

Code Block
void func(char a[10]) {
   /* Operate on a */
}
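The caller-owned-buffer pattern described above, written out as an added example (not code from the original page). The length parameter, the id argument, the "id=<n>" payload and the error convention are assumptions introduced for illustration; the noncompliant shape is kept under #if 0 so it is not compiled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#if 0
/* Noncompliant shape: a[] stops existing when func_bad() returns, so the
 * caller receives a dangling pointer. GCC reports this with
 * -Wreturn-local-addr and Clang with -Wreturn-stack-address. */
char *func_bad(void) {
    char a[10];
    /* ... operate on a ... */
    return &a[0];
}
#endif

/* Compliant shape: the caller declares the array and passes it in, so the
 * storage outlives the call. Passing the length as well (an assumption added
 * here) lets the function refuse to write past the caller's buffer.
 * Constructed stand-in for "operate on a": format "id=<n>" into a.
 * Returns 0 on success, -1 if there is no buffer or the text does not fit. */
int func(char *a, size_t len, unsigned id) {
    if (a == NULL || len == 0)
        return -1;
    int n = snprintf(a, len, "id=%u", id);
    if (n < 0 || (size_t)n >= len) {
        a[0] = '\0';          /* do not leave a truncated value behind */
        return -1;
    }
    return 0;
}

int main(void) {
    char a[10];               /* declared in the caller, not inside func() */
    if (func(a, sizeof a, 42u) == 0)
        puts(a);              /* a is still within its lifetime here */
    return 0;
}
```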

Risk Assessment

Referencing an object outside of its lifetime could result in an attacker being able to run arbitrary code.

...