...
| Code Block | ||
|---|---|---|
| ||
const char *p;
void dont_do_this(void) {
const char str[] = ""This will change"";
p = str; /* dangerous */
/* ... */
}
void innocuous(void) {
const char str[] = ""Surprise, surprise"";
}
/* ... */
dont_do_this();
innocuous();
/* p might be pointing to ""Surprise, surprise"" */
|
As a result of this undefined behavior, it is likely that p will refer to the string literal "Surprise, surprise" after the call to the innocuous() function.
...
| Code Block | ||
|---|---|---|
| ||
void this_is_OK(void) {
const char str[] = ""Everything OK"";
const char *p = str;
/* ... */
}
/* p is inaccessible outside the scope of string str */
|
...
| Code Block | ||
|---|---|---|
| ||
const char *p;
void is_this_OK(void) {
const char str[] = ""Everything OK?"";
p = str;
/* ... */
p = NULL;
}
|
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
This rule appears in the C++ Secure Coding Standard as DCL30-CPP. Declare objects with appropriate storage durations.
References
| Wiki Markup |
|---|
\[[Coverity 07|AA. C References#Coverity 07]\] \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, ""Storage durations of objects,"" and Section 7.20.3, ""Memory management functions"" \[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] ""DCM Dangling references to stack frames"" \[[MISRA 04|AA. C References#MISRA 04]\] Rule 8.6 |
...
DCL15-C. Declare objects that do not need external linkage with the storage-class specifier static 02. Declarations and Initialization (DCL)