Skip to main content

IAR Embedded Workbench for Arm 9.70.x

MEM-stack-param

In this section:
Synopsis

A stack address is stored outside a function via a parameter.

Enabled by default

Yes

Severity/Certainty

High/Medium

highmedium.png
Full description

The address of a local stack variable is assigned to a location supplied by the caller via a parameter. When the function ends, this memory address will become invalid. This is particularly dangerous because the application might appear to run normally, when it is in fact accessing illegal memory. This might also lead to an application crash, or data changing unpredictably. Note that this check looks for any expression referring to the store located by the parameter, so the assignment local[*parameter] = & local; will trigger the check despite being OK. This check is identical to MISRAC++2008-7-5-2_c, MISRAC++2023-6.8.3_c, MISRAC2004-17.6_d, MISRAC2012-Rule-1.3_s, MISRAC2012-Rule-18.6_d, CERT-DCL30-C_e.

Coding standards
CERT DCL30-C

Declare objects with appropriate storage durations

CWE 466

Return of Pointer Value Outside of Expected Range

MISRA C:2004 17.6

(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.

MISRA C:2012 Rule-1.3

(Required) There shall be no occurrence of undefined or critical unspecified behaviour

MISRA C:2012 Rule-18.6

(Required) The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist

MISRA C++ 2008 7-5-2

(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.

MISRA C++ 2023 6.8.3

(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime

Code examples

The following code example fails the check and will give a warning:

void example(int **ppx) {
  int x;
  ppx[0] = &x;  //local address
}

The following code example passes the check and will not give a warning about this issue:

static int y = 0;
void example3(int **ppx){
  *ppx = &y;  //OK - static address
}