...
Consequently, if a function call's return value contains an array, that array should never be accessed or modified within the expression.
...
Noncompliant Code Example
The following non-compliant noncompliant code attempts to retrieve an array from a struct that is returned by a function call.
...
- In C, the lifetime of a return value ends at the next sequence point. Therefore Consequently by the time
printf()is called, thestructreturned by theaddressee()call is no longer considered valid, and may have been overwritten. - C function arguments are passed by value. ThusAs a result, copies are made of all objects generated by the arguments. For example, a copy is made of the pointer to
"Hello, %s!\n". Under most circumstances, these copies protect one from the effects of sequence points described above. - Finally, C implicitly converts arrays to pointers when passing them as function arguments. This means that in the previous point, a copy is made of the pointer to the
addresee().aarray, and that pointer copy is passed toprintf(). But the array data itself is not copied, and no longer exists whenprintf()is called.
Therefore Consequently when printf() tries to dereference the pointer passed as its 2nd argument, it will likely find garbage.
...