MEM-stack-param-ref (C++ only)
Synopsis
Stack address is stored via reference parameter.
Enabled by default
Yes
Severity/Certainty
High/Medium
Full description
A stack address is stored outside a function via a parameter of reference type. The address of a local stack variable is assigned to a reference argument of its function. When the function ends, this memory address will become invalid. This is particularly dangerous because the application might appear to run normally, when it is in fact accessing illegal memory. This might also lead to an application crash, or data changing unpredictably. This check is identical to MISRAC++2008-7-5-2_d, MISRAC++2023-6.8.3_d.
Coding standards
- CERT DCL30-C
Declare objects with appropriate storage durations
- CWE 466
Return of Pointer Value Outside of Expected Range
- MISRA C++ 2008 7-5-2
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.
- MISRA C++ 2023 6.8.3
(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime
Code examples
The following code example fails the check and will give a warning:
void example(int *&pxx) {
int x;
pxx = &x;
}
The following code example passes the check and will not give a warning about this issue:
void example(int *p, int *&q) {
int x;
int *px= &x;
p = px; // ok, pointer
q = p; // ok, not local
}