...
Reading uninitialized variables is undefined behavior and can result in unexpected program behavior. In some cases, these security flaws may allow the execution of arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP53-CPP | High | Probable | Medium | P12 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| uninitialized-read | Partially checked | ||||||
| Clang |
| -Wuninitialized clang-analyzer-core.UndefinedBinaryOperatorResult | Does not catch all instances of this rule, such as uninitialized values read from heap-allocated memory. | ||||||
| CodeSonar |
| LANG.STRUCT.RPL | Return pointer to local Uninitialized variable | ||||||
| Helix QAC |
| DF726, DF2727, DF2728, DF2961, DF2962, DF2963, DF2966, DF2967, DF2968, DF2971, DF2972, DF2973, DF2976, DF2977, DF978 | |||||||
| Klocwork |
| UNINIT.CTOR.MIGHT UNINIT.CTOR.MUST UNINIT.HEAP.MIGHT UNINIT.HEAP.MUST UNINIT.STACK.ARRAY.MIGHT UNINIT.STACK.ARRAY.MUST UNINIT.STACK.ARRAY.PARTIAL.MUST UNINIT.STACK.MIGHT UNINIT.STACK.MUST |
| LDRA tool suite |
| 53 D, 69 D, 631 S, 652 S | Partially implemented | ||||||
| Parasoft C/C++test |
| CERT_CPP-EXP53-a | Avoid use before initialization |
| Parasoft Insure++ |
| Runtime detection | |||||||||
| Polyspace Bug Finder |
| CERT C++: EXP53-CPP | Checks for:
Rule partially covered. | ||||||
| PVS-Studio |
| V546, V573, V614, V670, V679, V730, V788, V1007, V1050 | |||||||
| RuleChecker |
| uninitialized-read | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [ISO/IEC 14882-2014] | Clause 5, "Expressions" Subclause 5.3.4, "New" Subclause 8.5, "Initializers" Subclause 12.6.2, "Initializing Bases and Members" |
| [Lockheed Martin 2005] | Rule 142, All variables shall be initialized before use |
...
...