ISO/IEC TS 17961 [addrescape]
Escaping of the address of an automatic object
Description
Rule Definition
Escaping of the address of an automatic object.1
Polyspace Implementation
This checker checks for these issues:
Pointer or reference to stack variable leaving scope.
Use of automatic variable as putenv-family function argument.
Examples
Pointer or reference to stack variable leaving scope
Pointer or reference to stack variable leaving scope occurs when a pointer or reference to a local variable leaves the scope of the variable. For instance:
A function returns a pointer to a local variable.
A function performs the assignment
globPtr = &locVar
.globPtr
is a global pointer variable andlocVar
is a local variable.A function performs the assignment
*paramPtr = &locVar
.paramPtr
is a function parameter that is, for instance, anint**
pointer andlocVar
is a localint
variable.A C++ method performs the assignment
memPtr = &locVar
.memPtr
is a pointer data member of the class the method belongs to.locVar
is a variable local to the method.
The defect also applies to memory allocated using the
alloca
function. The defect does not apply to static,
local variables. Polyspace® assumes that the local objects within a function definition are in
the same scope.
Local variables are allocated an address on the stack. Once the scope of a local variable ends, this address is available for reuse. Using this address to access the local variable value outside the variable scope can cause unexpected behavior.
If a pointer to a local variable leaves the scope of the variable, Polyspace Bug Finder™ highlights the defect. The defect appears even if you do not use the address stored in the pointer. For maintainable code, it is a good practice to not allow the pointer to leave the variable scope. Even if you do not use the address in the pointer now, someone else using your function can use the address, causing undefined behavior.
Do not allow a pointer or reference to a local variable to leave the variable scope.
void func2(int *ptr) {
*ptr = 0;
}
int* func1(void) {
int ret = 0;
return &ret ;
}
void main(void) {
int* ptr = func1() ;
func2(ptr) ;
}
In this example, func1
returns a pointer
to local variable ret
.
In main
, ptr
points to
the address of the local variable. When ptr
is
accessed in func2
, the access is illegal because
the scope of ret
is limited to func1
,
Use of automatic variable as putenv-family function argument
Use of automatic variable as putenv
-family function
argument occurs when the argument of a putenv
-family function
is a local variable with automatic duration.
The function putenv(char *string)
inserts a pointer to its supplied
argument into the environment array, instead of making a copy of the argument. If the
argument is an automatic variable, its memory can be overwritten after the function
containing the putenv()
call returns. A subsequent call to
getenv()
from another function returns the address of an out-of-scope
variable that cannot be dereferenced legally. This out-of-scope variable can cause
environment variables to take on unexpected values, cause the program to stop responding, or
allow arbitrary code execution vulnerabilities.
Use setenv()
/unsetenv()
to set and unset
environment variables. Alternatively, use putenv
-family function
arguments with dynamically allocated memory, or, if your application has no reentrancy
requirements, arguments with static duration. For example, a single thread execution with no
recursion or interrupts does not require reentrancy. It cannot be called (reentered) during
its execution.
putenv()
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define SIZE1024 1024
void func(int var)
{
char env[SIZE1024];
int retval = sprintf(env, "TEST=%s", var ? "1" : "0");
if (retval <= 0) {
/* Handle error */
}
/* Environment variable TEST is set using putenv().
The argument passed to putenv is an automatic variable. */
retval = putenv(env);
if (retval != 0) {
/* Handle error */
}
}
In this example, sprintf()
stores the character string
TEST=var
in env
. The value of the environment
variable TEST
is then set to var
by using
putenv()
. Because env
is an automatic variable, the
value of TEST
can change once func()
returns.
static
Variable for Argument of
putenv()
Declare env
as a static-duration variable. The memory location of
env
is not overwritten for the duration of the program, even after
func()
returns.
#include <stdio.h> #include <stdlib.h> #include <string.h> #define SIZE1024 1024 void func(int var) { /* static duration variable */ static char env[SIZE1024]; int retval = sprintf(env,"TEST=%s", var ? "1" : "0"); if (retval <= 0) { /* Handle error */ } /* Environment variable TEST is set using putenv() */ retval=putenv(env); if (retval != 0) { /* Handle error */ } }
setenv()
to Set Environment Variable
ValueTo set the value of TEST
to var
, use
setenv()
.
#include <stdio.h> #include <stdlib.h> #include <string.h> #define SIZE1024 1024 void func(int var) { /* Environment variable TEST is set using setenv() */ int retval = setenv("TEST", var ? "1" : "0", 1); if (retval != 0) { /* Handle error */ } }
Check Information
Decidability: Undecidable |
Version History
Introduced in R2019aR2022a: Checker considers that all objects local to function are in same scope
The rule checker assumes that all local objects within a function definition are in the same scope. Consider this code:
void foo(){ int* p; { int tmp = 4; p = &tmp; } int q = *p;//Compliant }
tmp
, p
and q
are in the same scope.1 Extracts from the standard "ISO/IEC TS 17961 Technical Specification - 2013-11-15" are reproduced with the agreement of AFNOR. Only the original and complete text of the standard, as published by AFNOR Editions - accessible via the website www.boutique.afnor.org - has normative value.
MATLAB Command
You clicked a link that corresponds to this MATLAB command:
Run the command by entering it in the MATLAB Command Window. Web browsers do not support MATLAB commands.
Select a Web Site
Choose a web site to get translated content where available and see local events and offers. Based on your location, we recommend that you select: United States.
You can also select a web site from the following list
How to Get Best Site Performance
Select the China site (in Chinese or English) for best site performance. Other MathWorks country sites are not optimized for visits from your location.
Americas
- América Latina (Español)
- Canada (English)
- United States (English)
Europe
- Belgium (English)
- Denmark (English)
- Deutschland (Deutsch)
- España (Español)
- Finland (English)
- France (Français)
- Ireland (English)
- Italia (Italiano)
- Luxembourg (English)
- Netherlands (English)
- Norway (English)
- Österreich (Deutsch)
- Portugal (English)
- Sweden (English)
- Switzerland
- United Kingdom (English)
Asia Pacific
- Australia (English)
- India (English)
- New Zealand (English)
- 中国
- 日本Japanese (日本語)
- 한국Korean (한국어)