...
As a result, objects of type T
with automatic or dynamic storage duration must be explicitly initialized before having their value read as part of an expression unless T
is a class type or an array thereof or is an unsigned narrow character type. If T
is an unsigned narrow character type, it may be used to initialize an object of unsigned narrow character type, which results in both objects having an indeterminate value. This technique can be used to implement copy operations such as std::memcpy()
without triggering undefined behavior.
Additionally, memory dynamically allocated with a new
expression is default-initialized when the new-initialized is omitted. Memory allocated by the standard library function std::calloc()
is zero-initialized. Memory allocated by the standard library function std::realloc()
assumes the values of the original pointer but may not initialize the full range of memory. Memory allocated by any other means ( std::malloc()
, allocator objects, operator new()
, and so on) is assumed to be default-initialized.
...
Reading uninitialized variables for creating entropy is problematic because these memory accesses can be removed by compiler optimization. VU925211 is an example of a vulnerability caused by this coding error [VU#925211].
Noncompliant Code Example
...
Reading uninitialized variables is undefined behavior and can result in unexpected program behavior. In some cases, these security flaws may allow the execution of arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP53-CPP | High | Probable | Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| uninitialized-read | Partially checked | ||||||
Clang |
| -Wuninitialized clang-analyzer-core.UndefinedBinaryOperatorResult | Does not catch all instances of this rule, such as uninitialized values read from heap-allocated memory. | ||||||
CodeSonar |
| LANG.STRUCT.RPL | Return pointer to local Uninitialized variable | ||||||
Helix QAC |
| DF726, DF2727, DF2728, DF2961, DF2962, DF2963, DF2966, DF2967, DF2968, DF2971, DF2972, DF2973, DF2976, DF2977, DF978 | |||||||
Klocwork |
| UNINIT.CTOR.MIGHT UNINIT.CTOR.MUST UNINIT.HEAP.MIGHT UNINIT.HEAP.MUST UNINIT.STACK.ARRAY.MIGHT UNINIT.STACK.ARRAY.MUST UNINIT.STACK.ARRAY.PARTIAL.MUST UNINIT.STACK.MIGHT UNINIT.STACK.MUST | |||||||
LDRA tool suite |
| 53 D, 69 D, 631 S, 652 S | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_CPP-EXP53-a | Avoid use before initialization |
Parasoft Insure++ | Runtime detection | ||||||||
Polyspace Bug Finder |
| CERT C++: EXP53-CPP | Checks for:
Rule partially covered. | ||||||
PVS-Studio |
| V546, V573, V614, V670, V679, V730, V788, V1007, |
V1050 | |||||||||
RuleChecker |
| uninitialized-read | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 14882-2014] | Clause 5, "Expressions" Subclause 5.3.4, "New" Subclause 8.5, "Initializers" Subclause 12.6.2, "Initializing Bases and Members" |
[Lockheed Martin |
2005] | Rule 142, All variables shall be initialized before use |
...
...