Page History

...

Recursively reentering a function during the initialization of one of its static objects can result in an attacker being able to cause a crash or denial of service. Indeterminately ordered dynamic initialization can lead to undefined behavior due to accessing an uninitialized object.

Rule	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
DCL56-CPP	Low	Unlikely

Medium

Yes

No

P2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.STRUCT.INIT.CYCLE

LANG.STRUCT.INIT.UNORDERED

Initialization Cycle

Unordered Initialization

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++1552, C++1554, C++1704

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

6 D

Enhanced Enforcement

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-DCL56-a

Avoid initialization order problems across translation units by replacing non-local static objects with local static objects

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: DCL56-CPP

Checks for:

Recursive initialization of static variables
Undetermined initialization order of global variables

Rule fully covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT Oracle Coding Standard for Java

DCL00-J. Prevent class initialization cycles

Bibliography

[ISO/IEC 14882-2014]

Subclause 3.6.2, "Initialization of Non-local Variables"
Subclause 6.7, "Declaration Statement"

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 59

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography