Uninitialized Variable

From OWASP
Revision as of 10:09, 21 July 2006 by Weilin Zhong (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


This article includes content generously donated to OWASP by Fortify.JPG.

Abstract

The program can potentially use a variable before it has been initialized.

Description

Stack variables in C and C++ are not initialized by default. Their initial values are determined by whatever happens to be in their location on the stack at the time the function is invoked. Programs should never use the value of an uninitialized variable.

It is not uncommon for programmers to use an uninitialized variable in code that handles errors or other rare and exceptional circumstances. Uninitialized variable warnings can sometimes indicate the presence of a typographic error in the code.

Examples

The following switch statement is intended to set the values of the variables aN and bN, but in the default case, the programmer has accidentally set the value of aN twice.

	switch (ctl) {
	  case -1:
		aN = 0; bN = 0;
		break;
	  case 0:
		aN = i; bN = -i;
		break;
	  case 1:
		aN = i + NEXT_SZ; bN = i - NEXT_SZ;
		break;
	  default:
		aN = -1; aN = -1;
		break;
	}
	repaint(aN, bN);

Most uninitialized variable issues result in general software reliability problems, but if attackers can intentionally trigger the use of an uninitialized variable, they might be able to launch a denial of service attack by crashing the program. Under the right circumstances, an attacker may be able to control the value of an uninitialized variable by affecting the values on the stack prior to the invocation of the function.

Related Threats

Related Attacks

Related Vulnerabilities

Related Countermeasures

Categories