SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

An object has a storage duration that determines its lifetime. There are three storage durations: static, automatic, and allocated.

According to [[ISO/IEC 9899-1999]]:

The lifetime of an object is the portion of program execution during which storage is guaranteed to be reserved for it. An object exists, has a constant address, and retains
its last-stored value throughout its lifetime. If an object is referred to outside of its lifetime, the behavior is undefined. The value of a pointer becomes indeterminate when
the object it points to reaches the end of its lifetime.

Non-Compliant Code Example

This non-compliant code example declares the variable p as a pointer to a constant char with file scope. The value of str is assigned to p within the dontDoThis() function. However, str has automatic storage duration so the lifetime of str ends when the dontDoThis() function exits.

const char *p;
void dontDoThis() {
    const char str[20] = "This will change";
    p = str; // dangerous
    ...
}

void innocuous() {
    const char str[20] = "Surprise, surprise";
}
...
dontDoThis();
innocuous();
// now, it is likely that p is pointing to "Surprise, surprise"

As a result of this undefined behavior, it is likely that p will refer to the string literal "Surprise, surprise" after the call to the innocuous() function.

Compliant Solution

In this compliant solution, the pointer to the constant char p is moved within the thisIsOK() to prevent this variable from being accessed outside of the function.

void thisIsOK() {
    const char str[20] = "Everything OK";
    const char *p = str;
    ...
}
// pointer p is now inaccessible outside the scope of string str

Risk Assessment

Referencing an object outside of its lifetime could result in an attacker being able to run arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

DCL30-C

3 (high)

2 (probable)

1 (high)

P6

L2

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERTwebsite.

References

[[ISO/IEC 9899-1999]] Section 6.2.4, "Storage durations of objects," and Section 7.20.3, "Memory management functions"

  • No labels