...
| Code Block | ||
|---|---|---|
| ||
const char *p;
void dont_do_this(void) {
const char str[] = "This will change";
p = str; /* dangerous */
/* ... */
}
void innocuous(void) {
const char str[] = "Surprise, surprise";
}
/* ... */
dont_do_this();
innocuous();
/* p might be pointing to "Surprise, surprise" */
|
...
| Code Block | ||
|---|---|---|
| ||
void this_is_OK(void) {
const char str[] = "Everything OK";
const char *p = str;
/* ... */
}
/* p is inaccessible outside the scope of string str */
|
...
| Code Block | ||
|---|---|---|
| ||
const char *p;
void is_this_OK(void) {
const char str[] = "Everything OK?";
p = str;
/* ... */
p = NULL;
}
|
Noncompliant Code Example (Return Values)
...
| Code Block | ||
|---|---|---|
| ||
char *init_array(void) {
char array[10];
/* Initialize array */
return array;
}
|
Some compilers generate a warning when a pointer to an automatic variable is returned from a function, as in this example. Compile your code at high warning levels and resolve any warnings (see MSC00-C. Compile cleanly at high warning levels).
...
| Code Block | ||
|---|---|---|
| ||
void init_array(char array[]) {
/* Initialize array */
return;
}
int main(int argc, char *argv[]) {
char array[10];
init_array(array);
/* ... */
return 0;
}
|
Risk Assessment
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Cross References
Standard | Document Rule |
|---|---|
CERT C++ | DCL30-CPP. Declare objects with appropriate storage durations |
DCM Dangling references to stack frames | |
Rule 8.6 |
...