CERT-EXP33-C_d
Synopsis
Do not read uninitialized memory.
Enabled by default
Yes
Severity/Certainty
High/Medium
Full description
Uninitialized automatic variables or dynamically allocated memory has indeterminate values, which for objects of some types, can be a trap representation. Reading such trap representations is undefined behavior; it can cause a program to behave in an unexpected manner and provide an avenue for attack. This check is identical to MISRAC2004-1.2_a, MISRAC2012-Rule-9.1_b, SPC-uninit-arr-all.
Coding standards
- CERT EXP33-C
Do not reference uninitialized memory
- CWE 758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
- CWE 824
Access of Uninitialized Pointer
- CWE 908
Use of Uninitialized Resource
- MISRA C:2004 1.2
(Required) No reliance shall be placed on undefined or unspecified behavior.
- MISRA C:2012 Rule-9.1
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set
Code examples
The following code example fails the check and will give a warning:
void example() {
int a[20];
int b = a[1];
}
The following code example passes the check and will not give a warning about this issue:
extern void f(int*);
void example() {
int a[20];
f(a);
int b = a[1];
}