SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 4

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

An object has a storage duration that determines its lifetime. There are three storage durations: static, automatic, and allocated.

Wiki Markup
According to C99 \[[ISO/IEC 9899:199914882-2003|AA. C++ References#ISO/IEC 989914882-19992003]\]:

...

 Section 3.8, "Object Lifetime" describes a number of situations in which trying to access an object outside of its lifetime leads to undefined behavior.

Attempting to access an object outside of its lifetime can result in an exploitable vulnerability.

...

Code Block
bgColor#FFCCCC
const char *p;
void dont_do_this(void) {
    const char str[] = ""This will change&quot";;
    p = str; /* dangerous */
    /* ... */
}

void innocuous(void) {
    const char str[] = ""Surprise, surprise"";
}
/* ... */
dont_do_this();
innocuous();
/* p might be pointing to ""Surprise, surprise"" */

As a result of this undefined behavior, it is likely that p will refer to the string literal "Surprise, surprise" after the call to the innocuous() function.

...

Code Block
bgColor#ccccff
void this_is_OK(void) {
    const char str[] = ""Everything OK&quot";;
    const char *p = str;
    /* ... */
}
/* p is inaccessible outside the scope of string str */

...

Code Block
bgColor#ccccff
const char *p;
void is_this_OK(void) {
    const char str[] = ""Everything OK?&quot";;
    p = str;
    /* ... */
    p = NULL;
}

...

Wiki Markup
\[[Coverity 07|AA. C++ References#Coverity 07]\]
\[[ISO/IEC 9899:199914882-2003|AA. C++ References#ISO/IEC 989914882-19992003]\] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions" Sections 3.7, "Storage duration"; 3.8, "Object Lifetime"
\[[Henricson 97|AA. C++ References#Henricson 97]\] Rule 5.9, "A function must never return, or in any other way give access to, references or pointers to local variables outside the scope in which they are declared."
\[[Lockheed Martin 05|AA. C++ References#Lockheed Martin 05]\] AV Rule 111, "A function shall not return a pointer or reference to a non-static local object."
\[[ISO/IEC PDTR 24772|AA. C++ References#ISO/IEC PDTR 24772]\] ""DCM Dangling references to stack frames""
\[[MISRA 04|AA. C++ References#MISRA 04]\] Rule 8.6

...