In this section:

Overview

This error is generated whenever a function returns a pointer to a (non-static) local variable. Since the stack frame of this routine will disappear when the function returns, this pointer is never valid.

In order for Insure++ to find this error, the suppressEDGWarning off option is required.

Code	Description	Enabled	Reported	Platform
RETURN_DANGLING	Returning pointer to local variable		Compilation	Windows/Unix

Problem

The following code shows the routine foo returning a pointer to a local variable.

/*
 * File: retdngl.c
 */
char *foo()
{
	char b[10];
	return b;
}

main()
{
	char *a = foo();
	return 0;
}

Diagnosis During Compilation

[retdngl.c:7] **RETURN_DANGLING**
	Returning pointer to local variable: b.
>>		 return b;

---- Associated Common Weakness Enumerations ----
CWE-119: Improper restriction of operations within a memory buffer
CWE-562: Return of stack variable address

Line 1: Source line at which the problem was detected.
Line 2: Description of the problem and the expression that is in error.
Line 5-7: CWEs associated with this problem.

Repair

The pointer returned in this manner can be made legal in one of several ways:

Passing the required buffer from the calling function and, if required, also passing the size of the buffer as another parameter.
Declaring the memory block static in the called routine, i.e., line 6 would become:
static char b[10];
Allocating a block dynamically instead of on the stack and returning a pointer to it, e.g.:
char *foo() { return malloc(10); }
Making the memory block into a global variable rather than a local one.

Occasionally, the value returned from the function is never used in which case it is safest to change the declaration of the routine to indicate that no value is returned.

References

The table below shows Common Weakness Enumerations associated with this error.

CWE	Description
CWE-119	Improper restriction of operations within a memory buffer
CWE-562	Return of stack variable address