An object has a storage duration that determines its lifetime. \[[ISO/IEC 14882-2003|AA. Bibliography#ISO/IEC 14882-2003]\] Section 3.7, "Storage duration," defines three storage durations: static, automatic, and dynamic (the C standard calls the third of these allocated).
\[[ISO/IEC 14882-2003|AA. Bibliography#ISO/IEC 14882-2003]\] Section 3.8, "Object Lifetime," describes a number of situations in which trying to access an object outside of its lifetime leads to undefined behavior.
The usual way this happens is that a pointer or reference to an object with automatic storage duration outlives the block or function in which the object was declared (a dangling pointer or reference); the storage is then reused for other objects, and attempting to access the original object through the stale pointer or reference can result in an exploitable vulnerability.
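The following is an added example, not code from this page or from the CERT standard; the function names are chosen for illustration. It shows the difference between scope and lifetime that the rule turns on: a pointer to an object with static storage duration stays valid after the block that declared it closes, whereas the same pattern with an automatic object (shown only in comments, since it must never be run) leaves a dangling pointer or reference. The compliant alternatives give the result to the caller by value or with explicit dynamic storage duration.

```cpp
#include <memory>
#include <string>

// Added example (not from the CERT page). Demonstrates the three storage
// durations named in ISO/IEC 14882-2003, 3.7, and the rule's point: a
// pointer or reference may be used only while the object it refers to is
// alive (3.8), which is a matter of lifetime, not of scope.

// NONCOMPLIANT, kept as a comment so it can neither compile nor run: the
// returned reference names an object with automatic storage duration
// whose lifetime ends when the function returns. Every use of the result
// by the caller is undefined behavior.
//
//   const std::string& dangling_name() {
//       std::string local = "temporary";
//       return local;            // lifetime of 'local' ends here
//   }
//
// The same defect without a return value: the address of an automatic
// object is stored somewhere that outlives it.
//
//   const char* g_p;
//   void store_local_address() {
//       const char c_str[] = "temporary";
//       g_p = c_str;             // g_p dangles once this returns
//   }

// COMPLIANT: static storage duration. The object lives for the whole
// program, so a pointer to it remains valid after its scope (the inner
// block) has closed. Replacing 'static const int' with 'const int' would
// make this the noncompliant case above.
const int* static_in_block() {
    const int* p = nullptr;
    {
        static const int value = 42;   // static storage duration
        p = &value;                    // scope ends below, lifetime does not
    }
    return p;                          // still a valid pointer
}

// COMPLIANT: return by value. The caller receives its own object with its
// own lifetime; nothing refers back into the callee's stack frame.
std::string name_by_value() {
    std::string local = "temporary";
    return local;                      // copied or moved out, not referenced
}

// COMPLIANT: dynamic storage duration with explicit ownership. The object
// lives until the unique_ptr that owns it is destroyed, so the caller
// controls the lifetime instead of guessing at it.
std::unique_ptr<std::string> name_on_heap() {
    return std::unique_ptr<std::string>(new std::string("temporary"));
}

// Small driver so the block runs on its own; exit status 0 means every
// compliant function returned a usable object.
int main() {
    const int* p = static_in_block();
    std::string s = name_by_value();
    std::unique_ptr<std::string> h = name_on_heap();
    return (*p == 42 && s == "temporary" && *h == "temporary") ? 0 : 1;
}
```

Compilers such as GCC and Clang warn about the first commented pattern (returning the address of a local), but not reliably about the second, which is why the static-analysis tools listed under Automated Detection are worth running.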
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL30-CPP | high | probable | high | P6 | L2 |
Automated Detection
The LDRA tool suite Version 7.6.0 can detect violations of this rule.
...
This rule appears in the C Secure Coding Standard as DCL30-C. Declare objects with appropriate storage durations.
Bibliography
...
\[[Coverity 07|AA. Bibliography#Coverity 07]\]
\[[ISO/IEC 14882-2003|AA. Bibliography#ISO/IEC 14882-2003]\] Sections 3.7, "Storage duration"; 3.8, "Object Lifetime"
\[[Henricson 97|AA. Bibliography#Henricson 97]\] Rule 5.9, "A function must never return, or in any other way give access to, references or pointers to local variables outside the scope in which they are declared."
\[[Lockheed Martin 05|AA. Bibliography#Lockheed Martin 05]\] AV Rule 111, "A function shall not return a pointer or reference to a non-static local object."
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "DCM Dangling references to stack frames"
\[[MISRA 04|AA. Bibliography#MISRA 04]\] Rule 8.6
...