CERT.EXPR.VOLATILE.PTRPTR
Do not assign a reference to a non-volatile pointer to a volatile pointer-to-pointer.
Vulnerability and risk
Referencing a volatile-qualified type by a non-volatile lvalue is undefined behavior.
For example, the compiler may remove critical code during optimization if it believes a variable, once tested, cannot change.
This checker looks for code that assigns the address of a non-volatile pointer to a volatile pointer pointer (**). This could allow the lvalue of a volatile object to be saved in the non-volatile pointer.
Mitigation and prevention
Use the "volatile" qualifier on any pointers pointing to volatile objects.
Example
void func(void) { static volatile int **ipp; static int *ip; static volatile int i = 0; printf("i = %d.\n", i); ipp = &ip; /* May produce a warning diagnostic */ ipp = (int**) &ip; /* May produce a warning diagnostic */ *ipp = &i; /* Valid */ if (*ip != 0) { /* ip is defined as non-volative but it contains the lvalue of a volative int */ /* ... */ } }
Violations will be reported on lines 8 and 9.