According to C99 Section 6.5.2.2, "Function calls":
If an attempt is made to modify the result of a function call or to access it after the next sequence point, the behavior is undefined.
Non-Compliant Code Example
In C, the lifetime of a return value ends at the next sequence point.
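#include <stdio.h>

struct X { char a[6]; };

struct X addressee() {
    struct X result = { "world" };
    return result;
}

int main(void) {
    /* printf() reads the array member of the returned value after the
       sequence point that follows the call to addressee() */
    printf("Hello, %s!\n", addressee().a);
    return 0;
}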
Because there is a sequence point after the call to addressee() and before the call to printf(), this program has undefined behavior.
Compliant Solution
This compliant solution does not have undefined behavior because the reference to the returned value is evaluated before the subsequent sequence point.
#include <stdio.h>

struct X { char a[6]; };

struct X addressee() {
    struct X result = { "world" };
    return result;
}

int main(void) {
    /* One %c conversion for each of the five character arguments */
    printf(
        "Hello, %c%c%c%c%c!\n",
        addressee().a[0],
        addressee().a[1],
        addressee().a[2],
        addressee().a[3],
        addressee().a[4]
    );
    return 0;
}
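Another way to stay within the rule, shown here as an added example that is not part of the original page: copy the returned structure into a named object, so the array member is read from an object whose lifetime extends past the sequence point. The helper `build_greeting()` and the names `who` and `buf` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

struct X { char a[6]; };

/* Same function as in the page's examples. */
struct X addressee(void) {
    struct X result = { "world" };
    return result;
}

/*
 * Hypothetical helper (not from the page): writes "Hello, <name>!" into out.
 * Returns the greeting length, or -1 if out is too small or the name is
 * not NUL-terminated within the array.
 */
int build_greeting(char *out, size_t outlen) {
    /* Copy the returned value into a named object. Its lifetime is the
     * enclosing block, so taking a pointer to who.a is well defined. */
    struct X who = addressee();

    /* Do not assume the member is terminated; bound the search. */
    if (memchr(who.a, '\0', sizeof who.a) == NULL)
        return -1;

    int n = snprintf(out, outlen, "Hello, %s!", who.a);
    if (n < 0 || (size_t)n >= outlen)
        return -1;   /* encoding error or truncation */
    return n;
}

int main(void) {
    char buf[32];
    if (build_greeting(buf, sizeof buf) < 0)
        return 1;
    puts(buf);
    return 0;
}
```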
Risk Assessment
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP34-C | 1 (low) | 1 (low) | 3 (medium) | P3 | L3 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[ISO/IEC 9899-1999] Section 6.5.2.2, "Function calls"