Page History

...

In this compliant solution, the inner lambda captures i by copy instead of by reference:.

Code Block

bgColor	#ccccff
lang	cpp

auto g(int val) {
  auto outer = [val] {
    int i = val;
    auto inner = [i] {
      return i + 30;
    };
    return inner;
  };
  return outer();
}

void f() {
  auto fn = g(12);
  int j = fn();
}

...

Referencing an object outside of its lifetime can result in an attacker being able to run arbitrary code.

Rule	Severity	Likelihood	Detectable

Remediation Cost

Repairable	Priority	Level
EXP61-CPP	High	Probable	No

High

No

P6

L2

Automated Detection

Tool	Version	Checker	Description

Astrée

Include Page

	Astrée_V
	Astrée_V

invalid_pointer_dereference

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4706, DF4707, DF4708

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

LOCRET.RET

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-EXP61-a
CERT_CPP-EXP61-b
CERT_CPP-EXP61-c

Never return lambdas that capture local objects by reference
Never capture local objects from an outer lambda by reference
The lambda that captures local objects by reference should not be assigned to the variable with a greater lifetime

Polyspace Bug Finder

Include Page