SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 78

changes.mady.by.user Justin Pincar

Saved on

compared with

New Version 79

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Reverted from v. 77

...

Code Block
bgColor#FFCCCC
const char *p;
void dont_do_this(void) {
    const char str[] = ""This will change"";
    p = str; /* dangerous */
    /* ... */
}

void innocuous(void) {
    const char str[] = ""Surprise, surprise"";
}
/* ... */
dont_do_this();
innocuous();
/* p might be pointing to ""Surprise, surprise"" */

As a result of this undefined behavior, it is likely that p will refer to the string literal "Surprise, surprise" after the call to the innocuous() function.

...

Code Block
bgColor#ccccff
void this_is_OK(void) {
    const char str[] = ""Everything OK&quot";;
    const char *p = str;
    /* ... */
}
/* p is inaccessible outside the scope of string str */

...

Code Block
bgColor#ccccff
const char *p;
void is_this_OK(void) {
    const char str[] = ""Everything OK?&quot";;
    p = str;
    /* ... */
    p = NULL;
}

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL30-C

high

probable

high

P6

L2

Automated Detection

...

Tool

...

Compliance

...

GCC

...

n/a

...

Rose

...

partial

...

LDRA

...

yes

...

Fortify

...

yes

...

Coverity

...

RETURN_LOCAL

...

Splint

...

yes

The LDRA tool suite Version 7.6.0 can detect violations of this rule.

Fortify SCA Version 5.0 can detect violations when an array is declared in a function and then a pointer to that array is returned.

Splint Version 3.1.1 can detect violations of this rule.

Compass/ROSE can detect violations of this rule. It automatically detects returning pointers to local variables. Detecting more general cases, such as examples where static pointers are set to local variables which then go out of scope would be difficult.

The Coverity Prevent RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

Klocwork Version 8.0.4.16 can detect violations of this rule with the LOCRET checker.

...

Klocwork

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as DCL30-CPP. Declare objects with appropriate storage durations.

...

References

Wiki Markup
\[[Coverity 07|AA. C References#Coverity 07]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, ""Storage durations of objects,"" and Section 7.20.3, ""Memory management functions""
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] ""DCM Dangling references to stack frames""
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 8.6

...

DCL16-C. Use 'L', not 'l', to indicate a long value            02. Declarations and Initialization (DCL)