Local, automatic variables can assume _unexpected_ values if they are used before they are initialized. C99 specifies "If an object that has automatic storage duration is not initialized explicitly, its value is indeterminate" [ISO/IEC 9899-1999]. In practice, this value defaults to whichever values are currently stored in stack memory. While uninitialized memory often contains zero, this is not guaranteed. Consequently, uninitialized memory can cause a program to behave in an unpredictable or unplanned manner and may provide an avenue for attack.
In most cases compilers warn about uninitialized variables. These warnings should be handled appropriately by the programmer as stated in MSC00-A. Compile cleanly at high warning levels.
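The following added example is not part of the original rule text. It shows a pattern in which a local variable can be read before it is initialized even though its address was passed to a setter, next to a compliant form. The function names `set_flag_bad`, `is_negative_bad`, `set_flag` and `is_negative` are hypothetical.

```c
#include <stdio.h>

/* Noncompliant (hypothetical helper): *sign_flag is left untouched when
 * number == 0, so the caller's variable stays indeterminate on that path. */
static void set_flag_bad(int number, int *sign_flag) {
    if (number > 0) {
        *sign_flag = 1;
    } else if (number < 0) {
        *sign_flag = -1;
    }
}

/* Noncompliant caller: reads 'sign' whether or not set_flag_bad() wrote it.
 * The result is only well defined for number != 0. */
static int is_negative_bad(int number) {
    int sign;                       /* automatic, never initialized here */
    set_flag_bad(number, &sign);
    return sign < 0;
}

/* Compliant helper: every path stores a value through sign_flag. */
static void set_flag(int number, int *sign_flag) {
    if (number > 0) {
        *sign_flag = 1;
    } else if (number < 0) {
        *sign_flag = -1;
    } else {
        *sign_flag = 0;
    }
}

/* Compliant caller: the variable is also initialized at its declaration,
 * so it holds a known value even if the helper changes later. */
static int is_negative(int number) {
    int sign = 0;
    set_flag(number, &sign);
    return sign < 0;
}

int main(void) {
    /* The noncompliant version is exercised only with nonzero input. */
    printf("bad(-7)=%d bad(42)=%d\n", is_negative_bad(-7), is_negative_bad(42));
    printf("ok(-7)=%d ok(0)=%d ok(42)=%d\n",
           is_negative(-7), is_negative(0), is_negative(42));
    return 0;
}
```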
Accessing uninitialized variables generally leads to unexpected program behavior. In some cases these types of flaws may allow the execution of arbitrary code.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP33-C | 3 (high) | 1 (unlikely) | 2 (medium) | P6 | L2 |
The Coverity Prevent UNINIT checker can find cases where a variable is used before it is initialized, although it cannot detect uninitialized members of a struct. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
[mercy]; [ISO/IEC 9899-1999] Section 6.7.8, "Initialization"; [Halvar] http://www.blackhat.com/presentations/bh-europe-06/bh-eu-06-Flake.pdf