SEI CERT C++ Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 9 Next »

If a function is reentered during the initialization of a static object inside that function, the behavior of the program is undefined. Please note that this is a different problem is not the same as infinite recursion. For this problem to occur, a function only needs to recurse once.

[[ISO/IEC 14882-2003]] Section 6.7, "Declaration Statement" describes the initialization of static and thread storage duration objects. In the case of static objects, recursive reentry into the initialization of a static storage duration causes undefined behavior and various results can be obtained when using different compilers.

Noncompliant Code Example

This noncompliant code example declares the variable y as a static int. The value of test( x) is assigned to y within the test(int x) function. However, when test(int x) is called with an input which results in reaching the initialization of y more than once, such as the value 12, undefined behavior occurs. Note that this code does not present an infinite recursion and still causes the undefined behavior mentioned.

int test(int x){
  x--;
  if(x < 0 || x > 10)
  {
    return 0;
  }
  else
  {
    static int y = test(x);  //<--undefined behavior occurs here
    return y;
  }
}

The behavior observed from running this code under various compilers differs.

In gcc3, this code will recurse as if y were a non-static variable.

In gcc4, upon reaching the initialization of y for the second time, the program will terminate with the following message:

terminate called after throwing an instance of
'__gnu_cxx::recursive_init'
  what():  N9__gnu_cxx14recursive_initE
Aborted (core dumped)

Compliant Solution

In this compliant solution, y is declared before being assigned a value. According to [[ISO/IEC 14882-2003]] Section 6.7.4, the initialization of y will have been completed at the end of the declaration and before the assignment of a value, thus removing the possibility of undefined behavior.

int test(int x){
  x--;
  if(x < 0 || x > 10)
  {
    return 0;
  }
  else
  {
    static int y;
    y = test(x);  
    return y;
  }
}

Risk Assessment

Recursively reentering a function during the initialization of one of its static objects can result in an attacker being able to cause a crash or denial of service.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL38-CPP

med

unlikely

low

P6

L3

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

References

[[ISO/IEC 14882-2003]] Section 6.7, "Declaration Statement"

DCL37-CPP. Overloaded postfix operators should return const      02. Declarations and Initialization (DCL)      03. Expressions (EXP)

  • No labels