Do not access or modify the result of a function call after a subsequent sequence point. According to C99 Section 6.5.2.2, "Function calls":
If an attempt is made to modify the result of a function call or to access it after the next sequence point, the behavior is undefined.
In C, the lifetime of a return value ends at the next sequence point.
#include <stdio.h>
struct X { char a[6]; };
struct X addressee() {
struct X result = { "world" };
return result;
}
int main(void) {
printf("Hello, %s!\n", addressee().a);
return 0;
}
|
Because there is a sequence point after the call to addressee() and before the call to {{printf()]], this program has
undefined behavior.
This code compiles cleanly and runs without error under Microsoft Visual C++ Version 8.0. On gcc version 4.1, the program compiles with a warning when the -Wall switch is used and execution on Linux results in a segmentation fault.
This compliant solution does not have undefined behavior because the reference to the returned value is evaluated before the subsequent sequence point.
#include <stdio.h>
struct X { char a[6]; };
struct X addressee() {
struct X result = { "world" };
return result;
}
int main(void) {
printf(
"Hello, %c!\n",
addressee().a[0],
addressee().a[1],
addressee().a[2],
addressee().a[3],
addressee().a[4]
);
return 0;
}
|
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
EXP34-C |
1 (low) |
1 (low) |
3 (medium) |
P3 |
L3 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]] Section 6.5.2.2, "Function calls" |