You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 59 Next »

Local, automatic variables can assume unexpected values if they are used before they are initialized. C99 specifies "If an object that has automatic storage duration is not initialized explicitly, its value is indeterminate" [[ISO/IEC 9899-1999]]. In practice, this value defaults to whichever values are currently stored in stack memory. While uninitialized memory often contains zero, this is not guaranteed. Consequently, uninitialized memory can cause a program to behave in an unpredictable or unplanned manner and may provide an avenue for attack.

In most cases compilers warn about uninitialized variables. These warnings should be resolved as recommended by MSC00-A. Compile cleanly at high warning levels.

Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.
Unable to render {include} The included page could not be found.

Risk Assessment

Accessing uninitialized variables generally leads to unexpected program behavior. In some cases these types of flaws may allow the execution of arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP33-C

3 (high)

1 (unlikely)

2 (medium)

P6

L2

Automated Detection

The Coverity Prevent UNINIT checker can find cases of an uninitialized variable being used before it is initialized, although it cannot detect cases of uninitialized members of a struct. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[mercy 06]]
[[ISO/IEC 9899-1999]] Section 6.7.8, "Initialization"
[Halvar]


EXP32 NCCE      03. Expressions (EXP)       EXP34-C. Ensure a pointer is valid before dereferencing it

  • No labels