CERT-EXP33-C_c
Synopsis
Do not read uninitialized memory.
Enabled by default
Yes
Severity/Certainty
High/Medium
Full description
Uninitialized automatic variables or dynamically allocated memory has indeterminate values, which for objects of some types, can be a trap representation. Reading such trap representations is undefined behavior; it can cause a program to behave in an unexpected manner and provide an avenue for attack. This check is identical to MISRAC2012-Rule-9.1_a, PTR-uninit-pos.
Coding standards
- CERT EXP33-C
Do not reference uninitialized memory
- CWE 758
Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
- CWE 824
Access of Uninitialized Pointer
- CWE 908
Use of Uninitialized Resource
- MISRA C:2012 Rule-9.1
(Mandatory) The value of an object with automatic storage duration shall not be read before it has been set
Code examples
The following code example fails the check and will give a warning:
void example(void) {
int *p;
*p = 4; //p is uninitialized
}
The following code example passes the check and will not give a warning about this issue:
void example(void) {
int *p,a;
p = &a;
*p = 4; //OK - p holds a valid address
}