...
Do not reenter a function during the initialization of a static variable declaration. If a function is reentered during the constant initialization of a static object inside that function, the behavior of the program is undefined. Infinite recursion is not required to trigger undefined behavior, the function need only recur once as part of the initialization.
...
This noncompliant example attempts to implement an efficient factorial function using caching. Since Because the initialization of the static local array cache involves recursion, the behavior of the function is undefined, even though the recursion is not infinite.
...
This compliant solution avoids initializing the static local array cache and instead relies on zero-initialization to determine whether each member of the array has been assigned a value yet and, and if not, recursively computes compute its value. It then returns the cached value when possible , or computes the value as needed.
...
Recursively reentering a function during the initialization of one of its static objects can result in an attacker being able to cause a crash or denial of service.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL56-CPP | Low | Unlikely | Medium | P2 | L3 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
Bibliography
| [ISO/IEC 14882-2014] | 6.7, "Declaration Statement" |
...