Local, automatic variables can assume unexpected values if they are used before they are initialized. The C standard specifies, "If an object that has automatic storage duration is not initialized explicitly, its value is indeterminate" [ISO/IEC 9899:2011]. (See also undefined behavior 10 of Annex J.)

...

In most cases, compilers warn about uninitialized variables, discussed in recommendation MSC00-C. Compile cleanly at high warning levels.

...

This defect results from a failure to consider all possible data states. (See recommendation MSC01-C. Strive for logical completeness.) Once the problem is identified, it can be trivially repaired by accounting for the possibility that number can be equal to 0.
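The defect and its repair as described above, written out as an added example (not the standard's own listing, which is elided in this view). The function names and the sentinel value are assumptions; the sentinel makes the unassigned path visible without reading an indeterminate value.

```c
#include <stdio.h>

/* Noncompliant "before": no branch handles number == 0, so *sign_flag
 * is never written on that path. A caller that passes the address of an
 * uninitialized local then reads an indeterminate value. */
void set_flag_noncompliant(int number, int *sign_flag) {
    if (sign_flag == NULL) return;
    if (number > 0) {
        *sign_flag = 1;
    } else if (number < 0) {
        *sign_flag = -1;
    }
}

/* Repaired: every data state of number assigns *sign_flag. */
void set_flag(int number, int *sign_flag) {
    if (sign_flag == NULL) return;
    if (number > 0) {
        *sign_flag = 1;
    } else if (number < 0) {
        *sign_flag = -1;
    } else {
        *sign_flag = 0;   /* number == 0 is now accounted for */
    }
}

/* Caller of the repaired function; sign is always written before use. */
int is_negative(int number) {
    int sign;
    set_flag(number, &sign);
    return sign < 0;
}

int main(void) {
    int s = 12345;        /* constructed sentinel, not an indeterminate value */
    set_flag_noncompliant(0, &s);
    printf("noncompliant, number=0: flag left at %d\n", s);
    set_flag(0, &s);
    printf("repaired,     number=0: flag set to %d\n", s);
    printf("is_negative(-5)=%d is_negative(0)=%d is_negative(7)=%d\n",
           is_negative(-5), is_negative(0), is_negative(7));
    return 0;
}
```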

...

This solution is still problematic because a buffer overflow will occur if the null-terminated byte string referenced by msg is greater than 17 bytes, including the NULL terminator. The solution also makes use of a "magic number," which should be avoided. (See recommendation DCL06-C. Use meaningful symbolic constants to represent literal values.)

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP33-C | high | probable | medium | P12 | L1 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | V. 8.5.4 | 57 D, 69 D | Fully implemented. |
| Fortify SCA | | | Can detect violations of this rule, but will return false positives if the initialization was done in another function. |
| Splint | V. 3.1.1 | | |
| GCC | V. 4.3.5 | | Can detect some violations of this rule when the -Wuninitialized flag is used. |
| Compass/ROSE | | | Automatically detects simple violations of this rule, although it may return some false positives. It may not catch more complex violations, such as initialization within functions taking uninitialized variables as arguments. It does catch the second noncompliant code example, and can be extended to catch the first as well. |
| Coverity Prevent | V. 5.0 | NO_EFFECT | Can find cases of an uninitialized variable being used before it is initialized, although it cannot detect cases of uninitialized members of a struct. Because Coverity Prevent cannot discover all violations of this rule further verification is necessary. |
| Klocwork | V. 9.1 | UNINIT.HEAP.MIGHT, UNINIT.HEAP.MUST, UNINIT.STACK.ARRAY.MIGHT, UNINIT.STACK.ARRAY.MUST, UNINIT.STACK.ARRAY.PARTIAL.MUST, UNINIT.STACK.MUST | |

 

Related Vulnerabilities

CVE-2009-1888 results from a violation of this recommendation. Some versions of Samba (up to 3.3.5) call a function that takes in two potentially uninitialized variables involving access rights. An attacker can exploit this to bypass the access control list and gain access to protected files [xorl 2009].

...

CERT C++ Secure Coding Standard: EXP33-CPP. Do not reference uninitialized memory

ISO/IEC 9899:2011 Section 6.7.9, "Initialization"

ISO/IEC TR 24772 "LAV Initialization of Variables"

...