CWE-562: Return of Stack Variable Address

Description

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function's stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced.

Example Vulnerable Codes

Example - 1

The following function returns a stack address.


char name[STR_MAX];fillInName(name);return name;char* getName() {}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-672: Operation on a Resource after Expiration or Release
Go to
CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior
Go to
CWE-825: Expired Pointer Dereference
Go to

Visit http://cwe.mitre.org/ for more details.