
An object has a storage duration that determines its lifetime. There are three storage durations: static, automatic, and allocated.

The lifetime of an object is the portion of program execution during which storage is guaranteed to be reserved for it. An object exists, has a constant address, and retains its last-stored value throughout its lifetime. If an object is referred to outside of its lifetime, the behavior is undefined. The value of a pointer becomes indeterminate when the object it points to reaches the end of its lifetime.

Non-Compliant Code Example

This non-compliant code example declares the variable p as a pointer to a constant char with file scope. The address of the array str is assigned to p within the dontDoThis() function. However, str has automatic storage duration, so the lifetime of str ends when dontDoThis() returns, and p is left pointing to storage that is no longer reserved for str.

const char *p;

void dontDoThis(void) {
    const char str[20] = "This will change";
    p = str; // dangerous: str has automatic storage duration
    // ...
}

void innocuous(void) {
    const char str[20] = "Surprise, surprise";
    // ...
}

int main(void) {
    // ...
    dontDoThis();
    innocuous();
    // now, it is likely that p is pointing to "Surprise, surprise"
    return 0;
}

As a result of this undefined behavior, it is likely that p will refer to storage that now holds the string "Surprise, surprise" after the call to the innocuous() function, because the second str was placed at the same stack location as the first.

Compliant Solution

In this compliant solution, the pointer to constant char p is declared inside thisIsOK(), so it has the same scope and storage duration as str and cannot be accessed outside of the function.

void thisIsOK(void) {
    const char str[20] = "Everything OK";
    const char *p = str;
    // ...
}
// pointer p is now inaccessible outside the scope of string str

Exception

It is acceptable to give access to local static variables.
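The following added example (not from the original page) shows three ways a function can hand string data back to its caller without exposing a pointer to an object whose lifetime has ended, one for each storage duration named above: caller-supplied automatic storage, allocated storage, and the local static permitted by the Exception. The function names and the greeting format are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* 1. Caller-supplied storage: the result lives as long as the caller's
 *    buffer. Returns buf on success; NULL if buf is missing or too small. */
char *greet_into(const char *name, char *buf, size_t size) {
    if (buf == NULL || size == 0) {
        return NULL;
    }
    int n = snprintf(buf, size, "Hello, %s", name);
    if (n < 0 || (size_t)n >= size) {
        buf[0] = '\0'; /* report truncation instead of returning a partial string */
        return NULL;
    }
    return buf;
}

/* 2. Allocated storage duration: the object lives until the caller
 *    frees it. Returns NULL if allocation fails. */
char *greet_alloc(const char *name) {
    size_t size = strlen("Hello, ") + strlen(name) + 1;
    char *out = malloc(size);
    if (out == NULL) {
        return NULL;
    }
    snprintf(out, size, "Hello, %s", name);
    return out;
}

/* 3. Static storage duration (the Exception above): the object lives for
 *    the whole program, so the pointer never dangles. The trade-off is
 *    that every call overwrites the same buffer, so it is not reentrant. */
const char *greet_static(const char *name) {
    static char buf[64];
    snprintf(buf, sizeof buf, "Hello, %s", name);
    return buf;
}

int main(void) {
    char local[32];
    printf("%s\n", greet_into("Ada", local, sizeof local));
    char *heap = greet_alloc("Ada");
    printf("%s\n", heap);
    free(heap);
    printf("%s\n", greet_static("Ada"));
    return 0;
}
```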

Risk Assessment

Allowing a function to return or give access to references and pointers to local non-static variables outside of their scope results in a "dangling" pointer, which could allow an attacker to run arbitrary code.

Rule     Severity  Likelihood    Remediation Cost  Priority  Level
DAN30-C  3 (high)  2 (probable)  1 (high)          P6        L2

References

  • ISO/IEC 9899:1999, Section 6.2.4, "Storage durations of objects"; Section 7.20.3, "Memory management functions"