libnitrokey icon indicating copy to clipboard operation
libnitrokey copied to clipboard

Published 20 hours ago verified publisher icon Nitrokey

Return of address of stack memory associated with local variable

Open monwarez opened this issue 2 years ago • 1 comments

https://github.com/Nitrokey/libnitrokey/blob/d22a0d28d29429e4d04765ed6e43515cfcdfd9a8/libnitrokey/LibraryException.h#L49-L54

This code trigger -Wreturn-stack-address since this is not a known at compile time string, and thus the content of the string will be use after free by the caller. Ideally if the exception would just return a string for each implementation, there will be no issue.

monwarez avatar May 01 '22 12:05 monwarez

I think that if the string msg is stored (like in some other exception classes) as a member then this should be good. But this will certainly break ABI.

monwarez avatar May 02 '22 09:05 monwarez