Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider

...

Code Block
bgColor#FFCCCC
const char *p;
void dont_do_this(void) {
    const char str[] = ""This will change"";
    p = str; /* dangerous */
    /* ... */
}

void innocuous(void) {
    const char str[] = ""Surprise, surprise"";
}
/* ... */
dont_do_this();
innocuous();
/* p might be pointing to ""Surprise, surprise"" */

As a result of this undefined behavior, it is likely that p will refer to the string literal "Surprise, surprise" after the call to the innocuous() function.

...

Code Block
bgColor#ccccff
void this_is_OK(void) {
    const char str[] = ""Everything OK"";
    const char *p = str;
    /* ... */
}
/* p is inaccessible outside the scope of string str */

...

Code Block
bgColor#ccccff
const char *p;
void is_this_OK(void) {
    const char str[] = ""Everything OK?"";
    p = str;
    /* ... */
    p = NULL;
}

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL30-C

high

probable

high

P6

L2

Automated Detection

The LDRA tool suite Version 7.6.0 can detect violations of this rule.

Fortify SCA Version 5.0 can detect violations when an array is declared in a function and then a pointer to that array is returned.

Splint Version 3.1.1 can detect violations of this rule.

Compass/ROSE can detect violations of this rule. It automatically detects returning pointers to local variables. Detecting more general cases, such as examples where static pointers are set to local variables which then go out of scope would be difficult.

The Coverity Prevent RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...

Tool

Compliance

GCC

n/a

Rose

partial

LDRA

yes

Fortify

yes

Coverity

RETURN_LOCAL

Splint

yes

Klocwork

LOCRET

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

...

Cross References

Standard

Document

Cert C

n/a

Cert C++

DCL30-CPP. Declare objects with appropriate storage durations

Cert Java

n/a

MISRA

Rule 8.6

CWE

n/a

References

Wiki Markup
\[[Coverity 07|AA. C References#Coverity 07]\]
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, ""Storage durations of objects,"" and Section 7.20.3, ""Memory management functions""
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] ""DCM Dangling references to stack frames""
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 8.6

...

DCL16-C. Use 'L', not 'l', to indicate a long value            02. Declarations and Initialization (DCL)