UNINIT.STACK.MIGHT
Uninitialized variable possible
The UNINIT.STACK.MIGHT checker finds instances in which a local variable of a non-class type is read when it may not have been initialized.
Vulnerability and risk
In C++, stack variables aren't initialized by default. They generally contain random junk data from the current content of stack memory. The uninitialized data may contain values that cause program flow to change in unintended ways, possibly with security implications.
Mitigation and prevention
To avoid initialization problems, make sure all variables and resources are initialized explicitly before their first usage. Take note of complex conditional situations and make sure that all paths include the initialization.
Vulnerable code example
Copy
int foo(int t) {
int x;
if (t > 16) {
x = 1;
} else if (t > 8) {
x = 2;
}
return x + 1;
}
Klocwork flags line 8, indicating that the value of variable 'x' can be used when it might be uninitialized.