Do not access or modify the result of a function call after a subsequent sequence point. According to C99 Section 6.5.2.2, "Function calls":
If an attempt is made to modify the result of a function call or to access it after the next sequence point, the behavior is undefined.
Non-Compliant Code Example
In C, the lifetime of a return value ends at the next sequence point.
#include <stdio.h>
struct X { char a[6]; };
struct X addressee() {
struct X result = { "world" };
return result;
}
int main(void) {
printf("Hello, %s!\n", addressee().a);
return 0;
}
Because there is a sequence point after the call to addressee() and before the call to printf(), this program has
undefined behavior.
Implementation Details
This code compiles cleanly and runs without error under Microsoft Visual C++ Version 8.0. On gcc version 4.1, the program compiles with a warning when the -Wall switch is used and execution on Linux results in a segmentation fault.
Compliant Solution
This compliant solution does not have undefined behavior because the reference to the returned value is evaluated before the subsequent sequence point.
#include <stdio.h>
struct X { char a[6]; };
struct X addressee() {
struct X result = { "world" };
return result;
}
int main(void) {
printf("Hello, %c!\n", addressee().a[rand() % 5]);
return 0;
}
Risk Assessment
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXP34-C |
1 (low) |
1 (low) |
3 (medium) |
P3 |
L3 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 6.5.2.2, "Function calls"