Page History

Local, automatic variables can assume _unexpected_ values if they are used before they are initialized. \[[ISO/IEC 14882-2003|AA. References#ISOBibliography#ISO/IEC 14882-2003]\] Section 8.5, paragraph 9 says: "... if no initializer is specified for a nonstatic object, the object and its subobjects, if any, have an indeterminate initial value". In practice, this value defaults to whichever values are currently stored in stack memory. While uninitialized memory often contains zero, this is not guaranteed. Consequently, uninitialized memory can cause a program to behave in an unpredictable or unplanned manner and may provide an avenue for attack.

In this noncompliant code example, the programmer mistakenly fails to set the local variable {{error_log}} to the {{msg}} argument in the {{report_error()}} function \[[mercy 06|AA. References#mercyBibliography#mercy 06]\].  Because {{error_log}} has not been initialized, on architectures making use of a program stack, it assumes the value already on the stack at this location, which is a pointer to the stack memory allocated to the {{password}} array.  The {{sprintf()}} call copies data in {{password}} until a null byte is reached. If the length of the string stored in the {{password}} array is greater than the size of the {{buffer}} array, then a buffer overflow occurs.

\[[Flake 06|AA. References#FlakeBibliography#Flake 06]\]
\[[ISO/IEC 14882-2003|AA. References#ISOBibliography#ISO/IEC 14882-2003]\] Section 8.5 Initializers.
\[[Lockheed Martin 05|AA. References#LockheedBibliography#Lockheed Martin 05]\] AV Rule 142 All variables shall be initialized before use.
\[[ISO/IEC PDTR 24772|AA. References#ISOBibliography#ISO/IEC PDTR 24772]\] "LAV Initialization of Variables"
\[[mercy 06|AA. References#mercyBibliography#mercy 06]\]