...

| Tool | Compliance | Description |
|---|---|---|
| ROSE | partial | Compass/ROSE can detect violations of this rule. It automatically detects returning pointers to local variables. Detecting more general cases, such as examples where static pointers are set to local variables which then go out of scope, would be difficult. |
| LDRA tool suite V. 7.6.0 | yes | |
| Fortify SCA V. 5.0 | yes | Can detect violations when an array is declared in a function and then a pointer to that array is returned. |
| Coverity Prevent | yes | The RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable. |
| Splint V. 3.1.1 | yes | |
| Klocwork V. 8.0.4.16 | yes | Can detect violations of this rule with the LOCRET checker. |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Cross References

| Standard | Rule |
|---|---|
| CERT C++ | DCL30-CPP. Declare objects with appropriate storage durations |
| ISO/IEC PDTR 24772 | DCM Dangling references to stack frames |
| MISRA 04C: 2004 | Rule 8.6 |

Bibliography

[Coverity 07]
[ISO/IEC 9899:1999] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"

...