...
In this noncompliant code sample, the function squirrel_away() stores a pointer to local stack variable local into a location pointed to by function parameter ptr_param. Since it an be assumed that the pointer variable to which ptr_param points remains alive upon squirrel_away()'s return, it is illegal for local to go out of scope.
| Code Block |
|---|
void squirrel_away(char \**ptr_param) { |
...
char local[10]; |
...
/\* Initialize array \*/ |
...
\*ptr_param = local; |
...
} |
...
void rodent() { |
...
char \*ptr; |
...
squirrel_away(&ptr); |
...
/\* ptr is live but invalid here \*/ |
...
} |
Risk Assessment
Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.
...