CERT.EXPR.VOLATILE.PTRPTR

Do not assign a reference to a non-volatile pointer to a volatile pointer-to-pointer.

Vulnerability and risk

Referencing a volatile-qualified type by a non-volatile lvalue is undefined behavior.

For example, the compiler may remove critical code during optimization if it believes a variable, once tested, cannot change.

This checker looks for code that assigns the address of a non-volatile pointer to a volatile pointer pointer (**). This could allow the lvalue of a volatile object to be saved in the non-volatile pointer.

Mitigation and prevention

Use the "volatile" qualifier on any pointers pointing to volatile objects.

Example

  void func(void) {
    static volatile int **ipp;
    static int *ip;
    static volatile int i = 0;
   
    printf("i = %d.\n", i);
   
    ipp = &ip; /* May produce a warning diagnostic */
    ipp = (int**) &ip; /* May produce a warning diagnostic */
    *ipp = &i; /* Valid */
    if (*ip != 0) { /* ip is defined as non-volative but it contains the lvalue of a volative int */
      /* ... */
    }
}

Violations will be reported on lines 8 and 9.

External guidance

• CERT EXP32-C: Do not access a volatile object through a nonvolatile reference