CERT-EXP33-C_e
Synopsis
Do not read uninitialized memory.
Enabled by default
Yes
Severity/Certainty
High/Medium
Full description
Uninitialized automatic variables or dynamically allocated memory has indeterminate values, which for objects of some types, can be a trap representation. Reading such trap representations is undefined behavior; it can cause a program to behave in an unexpected manner and provide an avenue for attack. This check is identical to MISRAC2004-1.2_b, MISRAC2012-Rule-9.1_d, SPC-uninit-struct-field.
Coding standards
- CERT EXP33-C
Do not reference uninitialized memory
- CWE 758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
- CWE 824
Access of Uninitialized Pointer
- CWE 908
Use of Uninitialized Resource
- MISRA C:2012 Rule-9.1
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set
Code examples
The following code example fails the check and will give a warning:
struct st {
int x;
int y;
};
void example(void) {
int a;
struct st str;
a = str.x;
}
The following code example passes the check and will not give a warning about this issue:
struct st {
int x;
int y;
};
void example(int i) {
int a;
struct st str;
str.x = i;
a = str.x;
}