...
In this noncompliant code sample, the function squirrel_away() stores a pointer to local stack variable local into a location pointed to by function parameter ptr_param. Since it an be assumed that the pointer variable to which ptr_param points remains alive upon squirrel_away()'s return, it is illegal for local to go out of scope.
| Code Block | ||
|---|---|---|
| ||
void squirrel_away(char \**ptr_param) { char local[10]; /\* Initialize array \*/ \ *ptr_param = local; } void rodent() { char \*ptr; squirrel_away(&ptr); /\* ptr is live but invalid here \*/ } |
Risk Assessment
Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.
...