...
In this compliant solution, the inner lambda captures i by copy instead of by reference:.
| Code Block | ||||
|---|---|---|---|---|
| ||||
auto g(int val) {
auto outer = [val] {
int i = val;
auto inner = [i] {
return i + 30;
};
return inner;
};
return outer();
}
void f() {
auto fn = g(12);
int j = fn();
} |
...
Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP61-CPP | High | Probable | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|
| Astrée |
| invalid_pointer_dereference | |||||||
| Helix QAC |
| DF4706, DF4707, DF4708 | |||||||
| Klocwork |
| LOCRET.RET | |||||||
| Parasoft C/C++test |
| CERT_CPP-EXP61-a | Never return lambdas that capture local objects by reference | ||||||
| Polyspace Bug Finder |
| CERT C++: EXP61-CPP | Checks for situations where object escapes scope through lambda expressions (rule fully covered) | ||||||
| PVS-Studio |
| V1047 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
...