...
To default-initialize an object of type T means:
— if T is a (possibly cv-qualified) class type, the default constructor for T is called (and the initialization is ill-formed if T has no default constructor or overload resolution results in an ambiguity or in a function that is deleted or inaccessible from the context of the initialization);
— if T is an array type, each element is default-initialized;
— otherwise, no initialization is performed.
If a program calls for the default initialization of an object of a const-qualified type T, T shall be a class type with a user-provided default constructor.
As a result, objects of type T with automatic or dynamic storage duration must be explicitly initialized before having their value read as part of an expression unless T is a class type or an array thereof or is an unsigned narrow character type. If T is an unsigned narrow character type, it may be used to initialize an object of unsigned narrow character type, which results in both objects having an indeterminate value. This technique can be used to implement copy operations such as std::memcpy() without triggering undefined behavior.
Additionally, memory dynamically allocated with a new expression is default-initialized when the new-initializer is omitted. Memory allocated by the standard library function std::calloc() is zero-initialized. Memory allocated by the standard library function std::realloc() assumes the values of the original pointer but may not initialize the full range of memory. Memory allocated by any other means (std::malloc(), allocator objects, operator new(), and so on) is assumed to be default-initialized.
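The following is an added example, not code from this guideline: it contrasts a new expression without a new-initializer against its value-initialized form, and shows the tail left uninitialized by std::realloc() being zeroed before use. The names Session, grow_zeroed and mismatches_after_grow are hypothetical.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <memory>

struct Session { int uid; bool is_admin; };  // constructed sample type

// Noncompliant (never called here): no new-initializer, so the members are
// default-initialized to indeterminate values and the read is undefined.
bool is_admin_noncompliant() {
    std::unique_ptr<Session> s(new Session);
    return s->is_admin;
}

// Compliant: the empty new-initializer value-initializes (zeroes) the members.
bool is_admin_compliant() {
    std::unique_ptr<Session> s(new Session());
    return s->is_admin;
}

// std::realloc() carries over only the old bytes; zero the added tail before use.
// Returns nullptr on failure, in which case p is still owned by the caller.
unsigned char *grow_zeroed(unsigned char *p, std::size_t old_n, std::size_t new_n) {
    void *q = std::realloc(p, new_n);
    if (q != nullptr && new_n > old_n)
        std::memset(static_cast<unsigned char *>(q) + old_n, 0, new_n - old_n);
    return static_cast<unsigned char *>(q);
}

// Grows a 0xAA-filled buffer and counts bytes that differ from the expected contents.
std::size_t mismatches_after_grow(std::size_t old_n, std::size_t new_n) {
    unsigned char *p = static_cast<unsigned char *>(std::calloc(old_n, 1));
    if (p == nullptr) return new_n;
    std::memset(p, 0xAA, old_n);
    unsigned char *q = grow_zeroed(p, old_n, new_n);
    if (q == nullptr) { std::free(p); return new_n; }
    std::size_t bad = 0;
    for (std::size_t i = 0; i < new_n; ++i) bad += q[i] != (i < old_n ? 0xAA : 0);
    std::free(q);
    return bad;
}

int main() { return (!is_admin_compliant() && mismatches_after_grow(16, 4096) == 0) ? 0 : 1; }
```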
...
Reading uninitialized variables is undefined behavior and can result in unexpected program behavior. In some cases, these security flaws may allow the execution of arbitrary code.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| EXP53-CPP | High | Probable | No | Yes | P12 | L1 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | uninitialized-read | Partially checked |
| Clang | | -Wuninitialized clang-analyzer-core.UndefinedBinaryOperatorResult | Does not catch all instances of this rule, such as uninitialized values read from heap-allocated memory. |
| CodeSonar | | LANG.STRUCT.RPL | Return pointer to local Uninitialized variable |
| Helix QAC | | DF726, DF2727, DF2728, DF2961, DF2962, DF2963, DF2966, DF2967, DF2968, DF2971, DF2972, DF2973, DF2976, DF2977, DF978 | |
| Klocwork | | UNINIT.CTOR.MIGHT UNINIT.CTOR.MUST UNINIT.HEAP.MIGHT UNINIT.HEAP.MUST UNINIT.STACK.ARRAY.MIGHT UNINIT.STACK.ARRAY.MUST UNINIT.STACK.ARRAY.PARTIAL.MUST UNINIT.STACK.MIGHT UNINIT.STACK.MUST | |
| LDRA tool suite | | 53 D, 69 D, 631 S, 652 S | Partially implemented |
| Parasoft C/C++test | | CERT_CPP-EXP53-a | Avoid use before initialization |
| Parasoft Insure++ | | | Runtime detection |
| Polyspace Bug Finder | | CERT C++: EXP53-CPP | Checks for: Rule partially covered. |
| PVS-Studio | | V546, V573, V614, V670, V679, V730, V788, V1007, V1050 | |
| RuleChecker | | uninitialized-read | Partially checked |
| Security Reviewer - Static Reviewer | 6.02 | C54 C55 C56 C57 C58 C59 C60 C61 C62 C63 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Bibliography
| [ISO/IEC 14882-2014] | Clause 5, "Expressions" Subclause 5.3.4, "New" Subclause 8.5, "Initializers" Subclause 12.6.2, "Initializing Bases and Members" |
| [Lockheed Martin 2005] | Rule 142, All variables shall be initialized before use |
...
...