...
In this noncompliant code example, the class member variable C c is not explicitly initialized by a ctor-initializer in the default constructor. Despite the local variable o s being default-initialized, the use of C c within the call to S::f() results in the evaluation of an object with indeterminate value, resulting in undefined behavior.
| Code Block | ||||
|---|---|---|---|---|
| ||||
class S {
int c;
public:
int f(int i) const { return i + c; }
};
void f() {
S os;
int i = os.f(10);
} |
Compliant Solution
In this compliant solution, S is given a default constructor that initializes the class member variable Cc:
| Code Block | ||||
|---|---|---|---|---|
| ||||
class S {
int c;
public:
S() : c(0) {}
int f(int i) const { return i + c; }
};
void f() {
S os;
int i = os.f(10);
} |
Risk Assessment
Reading uninitialized variables is undefined behavior and can result in unexpected program behavior. In some cases, these security flaws may allow the execution of arbitrary code.
...