CWE-562: Return of Stack Variable Address

BaseDraft

A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.

View on MITRE

Back to CWE Lookup

Extended Description

Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer, which no longer corresponds to the same variable since a function's stack frame is invalidated when it returns. At best this will cause the value of the pointer to change unexpectedly. In many cases it causes the program to crash the next time the pointer is dereferenced.

Technical Details

Structure: Simple

Applicable To

Languages

CC++

Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-562

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references