Every object has a storage duration that determines its lifetime: static, thread, automatic, or allocated dynamic.
[ISO/IEC 14882-2003] Section 3.8, "Object Lifetime" describes a number of situations in which trying to access an object outside of its lifetime leads to undefined behavior.
...
In this compliant solution, the variable local has static storage duration; consequently, ptr can be used to reference the local array within the rodent() function:
| Code Block | ||||
|---|---|---|---|---|
| ||||
char local[10];
void squirrel_away(char **ptr_param) {
/* Initialize array */
*ptr_param = local;
}
void rodent(void) {
char *ptr;
squirrel_away(&ptr);
/* ptr is valid in this scope */
}
|
Risk Risk Assessment
Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.
...
| CERT C Secure Coding Standard | |
| CERT C++ Secure Coding Standard | MSC00-CPP. Compile cleanly at high warning levels |
| SO/IEC TR 24772:2013 | Dangling References to Stack Frames [DCM] |
| ISO/IEC TS 17961 | Escaping of the address of an automatic object [addrescape] |
...
Bibliography
| [Coverity 2007] | |
| [ISO/IEC 14882-2003] | Sections 3.7, "Storage duration"; 3.8, "Object Lifetime" |
...