Comment: Parasoft C/C++test 10.4.1 update

...

Recursively reentering a function during the initialization of one of its static objects can result in an attacker being able to cause a crash or denial of service. Indeterminately ordered dynamic initialization can lead to undefined behavior due to accessing an uninitialized object.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| DCL56-CPP | Low | Unlikely | Medium | P2 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | 6 D | Enhanced Enforcement |
| Parasoft C/C++test | | CERT_CPP-DCL56-a | Avoid initialization order problems across translation units by replacing non-local static objects with local static objects |
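
The remediation named in the Parasoft checker description above (replacing a non-local static object with a local static object) can be illustrated as follows. This is an added example, not part of the CERT rule text or of any tool's checker; `Registry`, `registry()`, and the `g_*` variables are hypothetical names.

```cpp
#include <cstddef>
#include <string>
#include <vector>

// Hypothetical shared object that other translation units register with.
class Registry {
public:
    int add(const std::string& name) {
        names_.push_back(name);
        return static_cast<int>(names_.size());
    }
    std::size_t size() const { return names_.size(); }
private:
    std::vector<std::string> names_;
};

// Risky form, shown only as a comment because it needs two translation
// units and its behavior is undefined when the order goes the wrong way:
//   registry.cpp:  Registry g_registry;                      // non-local static
//   plugin.cpp:    static int g_id = g_registry.add("plugin");
// The relative order of those two dynamic initializations is indeterminate,
// so add() may run on an object whose constructor has not run yet.

// Remediated form: the object is a local static, initialized the first time
// control passes through its declaration. Every caller, including the
// initializer of a non-local static in another translation unit, receives
// a fully constructed object.
Registry& registry() {
    static Registry instance;
    return instance;
}

// Non-local statics whose dynamic initializers depend on the registry.
// They go through the accessor and never touch an uninitialized object.
static const int g_first_id = registry().add("first");
static const int g_second_id = registry().add("second");

int first_id() { return g_first_id; }
int second_id() { return g_second_id; }
std::size_t registered() { return registry().size(); }

int main() {
    // Exit status 0 when both registrations landed on a constructed object.
    return (registered() == 2 && first_id() == 1 && second_id() == 2) ? 0 : 1;
}
```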

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 14882-2014]

Subclause 3.6.2, "Initialization of Non-local Variables"
Subclause 6.7, "Declaration Statement"

 


...