CERT-DCL30-C_b
In this section:
Synopsis
Declare objects with appropriate storage durations.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
Every object has a storage duration that determines its lifetime: static, thread, automatic, or allocated. Do not attempt to access an object outside of its lifetime. Attempting to do so is undefined behavior and can lead to an exploitable vulnerability. This check is identical to MEM-stack-pos.
Coding standards
- CERT DCL30-C
Declare objects with appropriate storage durations
Code examples
The following code example fails the check and will give a warning:
int *example(int *a) {
int i;
int *p;
if (a) {
p = a;
} else {
p = &i;
}
return p;
}
The following code example passes the check and will not give a warning about this issue:
int g;
int *example(int *a) {
int i;
int *p;
if (a) {
p = a;
} else {
p = &g;
}
return p;
}