...
If an attempt is made to modify the result of a function call or to access it after the next sequence point, the behavior is undefined.
Non-Compliant Code Example
In C, the lifetime of a return value ends at the next sequence point.
...
This program has undefined behavior because there is a sequence point before printf() is called, and printf() accesses the result of the call to addressee().
Implementation Details
This code compiles cleanly and runs without error under Microsoft Visual C++ Version 8.0. On gcc version 4.1, the program compiles with a warning when the -Wall switch is used and execution on Linux results in a segmentation fault.
Compliant Solution
This compliant solution does not have undefined behavior because the structure returned by the call to addressee() is stored in the variable my_x before calling the printf() function.
```c
#include <stdio.h>

struct X { char a[6]; };

struct X addressee() {
    struct X result = { "world" };
    return result;
}

int main(void) {
    struct X my_x = addressee();
    printf("Hello, %s!\n", my_x.a);
    return 0;
}
```
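The same store-first pattern also covers the modification case the rule names. This is an added example, not code from the original rule page; `struct host`, `lookup_host()`, `format_host()` and `capitalized_host()` are hypothetical names, and the hazardous forms appear only in comments.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical type for this example: a struct with an array member. */
struct host { char name[16]; };

/* Returns the struct by value, so each call yields a function-call result
 * whose lifetime is governed by the rule described above. */
static struct host lookup_host(void) {
    struct host h = { "gateway" };
    return h;
}

/* Access case.
 * Hazardous form (comment only, not compiled):
 *     snprintf(out, n, "host=%s", lookup_host().name);
 * The sequence point before the call to snprintf() ends the result's
 * lifetime, yet snprintf() then reads through the pointer to .name. */
int format_host(char *out, size_t n) {
    struct host h = lookup_host();      /* named copy lives until block exit */
    return snprintf(out, n, "host=%s", h.name);
}

/* Modification case.
 * Hazardous form (comment only, not compiled):
 *     lookup_host().name[0] = 'G';
 * This attempts to modify the result of a function call. */
struct host capitalized_host(void) {
    struct host h = lookup_host();
    h.name[0] = 'G';                    /* modifying the named copy is defined */
    return h;
}

int main(void) {
    char line[32];
    struct host h = capitalized_host(); /* store before use, as above */
    if (format_host(line, sizeof line) < 0)
        return 1;
    printf("%s / %s\n", line, h.name);
    return 0;
}
```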
Risk Assessment
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP34 EXP35-C | 1 (low) | 1 (low) | 3 (medium) | P3 | L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[ISO/IEC 9899-1999] Section 6.5.2.2, "Function calls"