...
Code Block | ||||
---|---|---|---|---|
| ||||
class S {
int v;
public:
S() : v(12) {} // Non-trivial constructor
void f();
};
void f() {
// ...
goto bad_idea;
// ...
S s; // Control passes over the declaration, so initialization does not take place.
bad_idea:
s.f();
} |
Compliant Solution
...
Code Block | ||||
---|---|---|---|---|
| ||||
class S {
int v;
public:
S() : v(12) {} // Non-trivial constructor
void f();
};
void f() {
S s;
// ...
goto bad_idea;
// ...
bad_idea:
s.f();
} |
Noncompliant Code Example
...
Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP54-CPP | High | Probable | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| return-reference-local dangling_pointer_use | Partially checked | ||||||
Clang |
| -Wdangling-initializer-list | Catches some lifetime issues related to incorrect use of std::initializer_list<> | ||||||
CodeSonar |
| IO.UAC | Use after close Use after free |
Helix QAC |
|
|
|
C++4003, C++4026 DF2812, DF2813, DF2814, DF2930, DF2931, DF2932, DF2933, DF2934, | ||||||||
Klocwork |
| CL.FFM.ASSIGN CL.FFM |
.COPY LOCRET.ARG LOCRET.GLOB LOCRET.RET UFM.DEREF.MIGHT UFM.DEREF.MUST UFM.FFM.MIGHT UFM.FFM.MUST UFM.RETURN.MIGHT UFM.RETURN.MUST UFM.USE.MIGHT UFM.USE.MUST UNINIT.HEAP.MIGHT UNINIT.HEAP.MUST UNINIT.STACK.ARRAY.MIGHT UNINIT.STACK.ARRAY.MUST UNINIT.STACK.ARRAY.PARTIAL.MUST UNINIT.STACK.MIGHT UNINIT.STACK.MUST |
LDRA tool suite |
| 42 D, 53 D, 77 D, 1 J, 71 S, 565 S | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_CPP-EXP54-a | Do not use resources that have been freed | |||||||
Parasoft Insure++ | Runtime detection | ||||||||
Polyspace Bug Finder |
| CERT C++: EXP54-CPP | Checks for:
Rule partially covered. | ||||||
PVS-Studio |
| V758, V1041, V1099 | |||||||
RuleChecker |
| return-reference-local | Partially checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
[Coverity 2007] |
[ISO/IEC 14882-2014] | Subclause 3.8, "Object Lifetime" Subclause 8.5.4, "List-Initialization" |
...