...
In the common case, on implementations that make use of a program stack, this value defaults to whichever values are currently stored in stack memory. Uninitialized memory often contains—but is not guaranteed to contain—zeros. Uninitialized memory has indeterminate value, which for objects of some types can be a trap representation. Reading uninitialized memory by an lvalue of a type other than `unsigned char` is undefined behavior (see undefined behavior 10 and undefined behavior 12 in Annex J of the C Standard); it can cause a program to behave in an unexpected manner and provide an avenue for attack.
...
In this noncompliant code example, the `set_flag()` function is intended to set the variable `sign` to `-1` when `number` is negative or `1` when `number` is positive. However, the programmer neglected to account for `number` being `0`. If `number` is `0`, then `sign` remains uninitialized. Because `sign` is uninitialized, it uses whatever value is at that location in the program stack (assuming that the architecture makes use of a program stack). This can lead to unexpected or otherwise incorrect program behavior.
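The following is an added example, not the page's own listing: it reconstructs the shape of the `set_flag()` bug described above beside a hardened form, and uses a probe to show which inputs leave `sign` unwritten without ever reading indeterminate memory. The signatures, the `_noncompliant` suffix, `writes_sign()`, `is_negative()` and the choice to treat 0 as non-negative are assumptions made for illustration.

```c
#include <stdio.h>

typedef void (*set_flag_fn)(int number, int *sign);

/* Noncompliant shape described above: no branch covers number == 0,
 * so *sign is never written on that path. */
void set_flag_noncompliant(int number, int *sign) {
  if (number > 0) {
    *sign = 1;
  } else if (number < 0) {
    *sign = -1;
  }
}

/* Hardened form: every path stores to *sign. Treating 0 as
 * non-negative is an assumption made for this example. */
void set_flag(int number, int *sign) {
  *sign = (number < 0) ? -1 : 1;
}

/* Hypothetical probe: returns 1 if fn stores to *sign for this input.
 * Both objects start initialized, so the probe never reads
 * indeterminate memory; two different sentinels rule out a stored
 * result that happens to equal one of them. */
int writes_sign(set_flag_fn fn, int number) {
  int a = 0x5A5A, b = 0x2525;
  fn(number, &a);
  fn(number, &b);
  return !(a == 0x5A5A && b == 0x2525);
}

/* Caller of the hardened helper; the initializer is defense in depth. */
int is_negative(int number) {
  int sign = 0;
  set_flag(number, &sign);
  return sign < 0;
}

int main(void) {
  const int inputs[] = { -7, 0, 42 };  /* constructed sample inputs */
  for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
    printf("number=%3d  noncompliant writes sign: %d  hardened writes sign: %d\n",
           inputs[i],
           writes_sign(set_flag_noncompliant, inputs[i]),
           writes_sign(set_flag, inputs[i]));
  }
  return 0;
}
```

Tests that exercise only positive and negative inputs pass against the noncompliant version, which is why the zero case has to be probed explicitly.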
...
```c
#include <stdio.h>

int do_auth(void) {
  char *username;
  char *password;
  /* Get username and password from user, return -1 if invalid */
  return -1; /* stand-in so the stub compiles; the real logic is not shown */
}

void report_error(const char *msg) {
  const char *error_log;  /* never initialized: the defect this example shows */
  char buffer[24];

  /* Reads the indeterminate pointer error_log instead of msg */
  sprintf(buffer, "Error: %s", error_log);
  printf("%s\n", buffer);
}

int main(void) {
  if (do_auth() == -1) {
    report_error("Unable to login");
  }
  return 0;
}
```
...