...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Include Page | LDRA_V | LDRA_V | 42 D | Fully implemented. | |||||
Fortify SCA | V. 7.6.0 | Can detect violations when an array is declared in a function and then a pointer to that array is returned. | |||||||
| Splint | |||||||||
| Include Page | Splint_V | Splint_V | Compass/ROSE | Can detect violations of this rule. It automatically detects returning pointers to local variables. Detecting more general cases, such as examples where static pointers are set to local variables which then go out of scope would be difficult. | |||||
| RETURN_LOCAL | Finds many instances where a function will return a pointer to a local stack variable. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary. | |||||||
Fortify SCA | 7.6.0 | Can detect violations when an array is declared in a function and then a pointer to that array is returned. | |||||||
| LOCRET.* | ||||||||
| 42 D | Fully implemented. | |||||||
| PRQA QA-C |
| 3217 | Partially implemented. | ||||||
| Splint |
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| CERT C++ Secure Coding Standard | DCL30-CPP. Declare objects with appropriate storage durations |
|---|---|
| ISO/IEC TR 17961 | (Draft) Escaping of the address of an automatic object [addrescape] |
| ISO/IEC TR 24772 | Dangling references to stack frames [DCM] |
| MISRA-C | Rule 8.6 (required): Functions shall be declared at file scope |
Bibliography
| [Coverity 2007] | |
|---|---|
| [ISO/IEC 9899:2011] | Section 6.2.4, "Storage Durations of Objects," and section 7.22.3, "Memory Management Functions"" |