Comment: Published by Scroll Versions from space CCPPOBJ and version Publish

Name: Conditionally uninitialized variable

Description:

An initialization function is used to initialize a local variable, but the returned status code is not checked. The variable may be left in an uninitialized state, and reading the variable may result in undefined behavior.

ID: cpp/conditionally-uninitialized-variable

Kind: problem

Severity: warning

Query: ConditionallyUninitializedVariable.ql

```ql
/**
 * @name Conditionally uninitialized variable
 * @description An initialization function is used to initialize a local variable, but the
 *              returned status code is not checked. The variable may be left in an uninitialized
 *              state, and reading the variable may result in undefined behavior.
 * @kind problem
 * @problem.severity warning
 * @opaque-id SM02313
 * @id cpp/conditionally-uninitialized-variable
 * @tags security
 *       external/cwe/cwe-457
 */

import cpp
import semmle.code.cpp.controlflow.SSA
private import UninitializedVariables

from
  ConditionallyInitializedVariable v, ConditionalInitializationFunction f,
  ConditionalInitializationCall call, string defined, Evidence e
where
  exists(v.getARiskyAccess(f, call, e)) and
  (
    if e = DefinitionInSnapshot()
    then defined = ""
    else
      if e = SuggestiveSALAnnotation()
      then defined = "externally defined (SAL) "
      else defined = "externally defined (CSV) "
  )
select call,
  "The status of this call to " + defined +
    "$@ is not checked, potentially leaving $@ uninitialized.", f, f.getName(), v, v.getName()
```
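The pattern the description refers to, shown next to a corrected caller. This is an added example, not code from the original page or from the query's own documentation; `parse_port`, `get_port_unchecked` and `get_port_checked` are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical conditional initialization function: writes *out only on
 * success. Returns 0 on success, -1 on failure (*out is left untouched). */
static int parse_port(const char *text, int *out)
{
    char *end;
    long value;

    if (text == NULL || *text == '\0')
        return -1;
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno != 0 || *end != '\0' || value < 1 || value > 65535)
        return -1;
    *out = (int)value;
    return 0;
}

/* Pattern from the description: the status code is ignored, so 'port' is
 * still uninitialized on the failure path and the return reads it (CWE-457). */
int get_port_unchecked(const char *text)
{
    int port;
    parse_port(text, &port);  /* status not checked */
    return port;              /* risky access when parse_port() failed */
}

/* Corrected caller: 'port' is read only after the status says it was set. */
int get_port_checked(const char *text, int fallback)
{
    int port;
    if (parse_port(text, &port) != 0)
        return fallback;
    return port;
}

int main(void)
{
    /* Constructed sample inputs: one valid port, one malformed string. */
    printf("%d\n", get_port_checked("8080", -1));
    printf("%d\n", get_port_checked("not-a-port", -1));
    return 0;
}
```

Giving `port` a default value at its declaration is another common fix, but the failure still has to be handled somewhere or the caller silently proceeds with the default.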

...
