SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 39

changes.mady.by.user David Keaton

Saved on

compared with

New Version 40

changes.mady.by.user Robert Seacord

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
char *init_array() {
   char array[10];
   /* Initialize array */
   return array;
}

On some compilers, compiling with sufficiently high warning levels will Some compilers generate a warning when a local stack variable is returned from a function. Compile your code at high warning levels and resolve any warnings MSC00-A. Compile cleanly at high warning levels.

Compliant Solution (Return Values)

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Automated Detection

The Coverity Prevent. The RETURN_LOCAL checker finds many instances where a function will return a pointer to a local stack variable. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.

References

Wiki Markup
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"
\[[MITRECoverity 07|AA. C References#MITREReferences#Coverity 07]\] [CWE ID 415|http://cwe.mitre.org/data/definitions/415.html], "Double Free"; [CWE ID 416|http://cwe.mitre.org/data/definitions/416.html], "Use After Free"