|
Status: Draft Weakness ID: 562 (Weakness Base)Description Summary A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash. Potential Mitigations Use static analysis tools to spot return of the address of a stack variable. Demonstrative Examples The following function returns a stack address. char* getName() { char name[STR_MAX]; fillInName(name); return name; }
Other Notes Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function's stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced. The problem can be hard to debug because the cause of the problem is often far removed from the symptom. Relationships
Taxonomy Mappings
Applicable Platforms Languages C C++ Time of Introduction ImplementationContent History Submissions Anonymous Tool Vendor (under NDA). (Externally Mined) Modifications Eric Dalci. Cigital. 2008-07-01. (External) updated Potential_Mitigations, Time_of_Introduction CWE Content Team. MITRE. 2008-09-08. (Internal) updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings CWE Content Team. MITRE. 2008-11-24. (Internal) updated Relationships, Taxonomy_Mappings Previous Entry Names Stack Address Returned (changed 2008-04-11) |
|
|
|||