CWE-562
Overview
- CWE ID: 562
- CWE Name: Return of Stack Variable Address
- CWE Abstraction: Base
- CWE structure: Simple
- CWE Status: Draft
Description
A function returns the address of a stack variable, which will cause unintended program behavior, typically in the form of a crash.
Extended Description
Because local variables are allocated on the stack, when a program returns a pointer to a local variable, it is returning a stack address. A subsequent function call is likely to re-use this same stack address, thereby overwriting the value of the pointer
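Added example, not part of the CWE entry: the weakness next to two common fixes, caller-supplied storage and heap storage. The function names (hex_id_bad, hex_id_into, hex_id_dup, fixed_forms_survive) and the SHOW_VULNERABLE guard are hypothetical, and the vulnerable form is excluded from the default build.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef SHOW_VULNERABLE /* excluded from the default build; shown for contrast */
/* CWE-562: buf lives in this stack frame, so the returned pointer dangles. */
char *hex_id_bad(unsigned id)
{
    char buf[9];
    snprintf(buf, sizeof buf, "%08x", id);
    return buf; /* address of a stack variable */
}
#endif

/* Fix 1: the caller owns the storage and passes its size. */
int hex_id_into(unsigned id, char *out, size_t outlen)
{
    if (out == NULL || outlen == 0)
        return -1;
    int n = snprintf(out, outlen, "%08x", id);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0; /* reject truncation */
}

/* Fix 2: heap storage outlives the call; the caller must free() it. */
char *hex_id_dup(unsigned id)
{
    char *p = malloc(9);
    if (p != NULL && hex_id_into(id, p, 9) != 0) {
        free(p);
        p = NULL;
    }
    return p;
}

/* Returns 1 if both fixed forms keep their value across a later call. */
int fixed_forms_survive(void)
{
    char mine[9];
    char *heap = hex_id_dup(0xdeadbeefu);
    if (heap == NULL || hex_id_into(0xdeadbeefu, mine, sizeof mine) != 0) {
        free(heap);
        return 0;
    }
    puts("intervening call: its frame reuses stack below this one");
    int ok = strcmp(mine, "deadbeef") == 0 && strcmp(heap, "deadbeef") == 0;
    free(heap);
    return ok;
}

int main(void) { return fixed_forms_survive() ? 0 : 1; }
```

GCC reports the guarded form with -Wreturn-local-addr and Clang with -Wreturn-stack-address, so building with warnings treated as errors catches the direct case at compile time.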