CERT-DCL30-C_d
Synopsis
Declare objects with appropriate storage durations.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
Every object has a storage duration that determines its lifetime: static, thread, automatic, or allocated. Do not attempt to access an object outside of its lifetime. Attempting to do so is undefined behavior and can lead to an exploitable vulnerability. This check is identical to MEM-stack-global-field, MISRAC++2008-7-5-2_b, MISRAC++2023-6.8.3_b, MISRAC2004-17.6_c, MISRAC2012-Rule-18.6_c.
Coding standards
- CERT DCL30-C
Declare objects with appropriate storage durations
- MISRA C:2004 17.6
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.
- MISRA C:2012 Rule-18.6
(Required) The address of an object with automatic storage shall not be copied to another object that persists after the first object has ceased to exist
- MISRA C++ 2008 7-5-2
(Required) The address of an object with automatic storage shall not be assigned to another object that may persist after the first object has ceased to exist.
- MISRA C++ 2023 6.8.3
(Required) An assignment operator shall not assign the address of an object with automatic storage duration to an object with a greater lifetime
Code examples
The following code example fails the check and will give a warning:
struct S{
int *px;
} s;
void example() {
int i = 0;
s.px = &i; //storing local address in global struct
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
struct S{
int *px;
} s;
void example() {
int i = 0;
s.px = &i; //OK - the field is written to later
s.px = NULL;
}