SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 134

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 135

changes.mady.by.user Pranjal Jumde

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
langc
void squirrel_away(char **ptr_param) {
   char local[10];
   /* Initialize array */
   *ptr_param = local;
}

void rodent() {
  char *ptr;
  squirrel_away(&ptr);
  /* ptr is live but invalid here */
}

Compliant Solution 

The variable local does not go out of scope for the entire program so, ptr is live and valid in the function rodent().

Code Block
bgColor#ccccff
langc
char local[10];
 
void squirrel_away(char **ptr_param) {
    /* Initialize array */
   *ptr_param = local;
}

void rodent() {
  char *ptr;
  squirrel_away(&ptr);
  /* ptr is live but invalid here */
}

Risk Assessment

Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.

...