Function returns the address of a stack-allocated variable

c.memory_management.ret_stack_address

Severity

low

Resource

Memory Management

Language

C / C++

Description

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

Rationale

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

The following code illustrates a vulnerable pattern detected by this rule:

#define STR_MAX 256

char *getName_bad()
{
	char name[STR_MAX];

	fillInName(name);
	// VULNERABLE: Function returns the address of a stack-allocated variable
	return name;
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-562
OWASP Top 10 2021 - A04 : Insecure Design.
https://github.com/struct/mms
https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
https://rules.sonarsource.com/c/type/Bug/RSPEC-946
CERTC-DCL30-C