...
Recursively reentering a function during the initialization of one of its static objects can result in an attacker being able to cause a crash or denial of service. Indeterminately ordered dynamic initialization can lead to undefined behavior due to accessing an uninitialized object.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL56-CPP | Low | Unlikely | Medium | P2 | L3 |
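The ordering hazard described above, next to the local-static replacement named in the Parasoft checker description, as an added example that is not code from the CERT rule text. `load_limit`, `Config`, `config()` and the snapshot variables are hypothetical names, and an `int` is used for the order-dependent case so that the early read stays well defined.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-in for a value that needs run-time (dynamic) initialization.
int load_limit() { return 64; }

// Order-dependent pattern. Inside one translation unit, dynamic initialization
// runs in definition order, so this layout reproduces on purpose what is
// indeterminate when the two definitions live in different .cpp files.
extern int g_limit;            // defined below (think: another translation unit)
int early_snapshot = g_limit;  // initializer may run before g_limit's does
int g_limit = load_limit();

// Local-static pattern: the object is built the first time control reaches it.
struct Config {
    int limit;
    std::string source;
    // Must not call config() from here: that would reenter the function while
    // its static object is still being initialized, which is undefined behavior.
    Config() : limit(load_limit()), source("defaults") {}
};

Config& config() {
    static Config instance;    // initialized once, on first call
    return instance;
}

// Another global that depends on Config during start-up; safe in any order.
int safe_snapshot = config().limit;

int get_early_snapshot() { return early_snapshot; }
int get_safe_snapshot() { return safe_snapshot; }

int main() {
    // An int is zero-initialized before dynamic initialization, so the early
    // read yields 0, or 64 if the compiler chose to initialize g_limit
    // statically. A class-type object read this early is not yet constructed.
    std::cout << "early_snapshot = " << get_early_snapshot() << '\n';
    std::cout << "safe_snapshot  = " << get_safe_snapshot() << '\n';
    std::cout << "config source  = " << config().source << '\n';
    return 0;
}
```
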
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | LANG.STRUCT.INIT.CYCLE, LANG.STRUCT.INIT.UNORDERED | Initialization Cycle, Unordered Initialization |
Helix QAC | | C++1552, C++1554, C++1704 | |
LDRA tool suite | | 6 D | Enhanced Enforcement |
Parasoft C/C++test | | CERT_CPP-DCL56-a | Avoid initialization order problems across translation units by replacing non-local static objects with local static objects |
Polyspace Bug Finder | | CERT C++: DCL56-CPP | Checks for: Rule fully covered. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[ISO/IEC 14882-2014] | Subclause 3.6.2, "Initialization of Non-local Variables" |
...
...