I'm working with some code that widely uses the idiom of returning a pointer to a static local variable. eg:
char* const GetString() { static char sTest[5]; strcpy(sTest, "Test"); return sTest; }
Am I right in thinking that this is safe?
PS, I know that this would be a better way of doing the same thing:
char* const GetString() { return "Test"; }
Edit: Apologies, the function signature should of course be:
const char* GetString();
Static Variables have a property of preserving their value even after they are out of their scope. So to execute the concept of returning a pointer from function in C you must define the local variable as a static variable.
The return statement should not return a pointer that has the address of a local variable ( sum ) because, as soon as the function exits, all local variables are destroyed and your pointer will be pointing to someplace in the memory that you no longer own.
Yes that's fine. The life-time of local static variables are the full life-time of the program. And global variables (static or not) also have a life-time of the full program. That means pointers to them will always stay valid.
Because it will cause undefined behavior in your program. Show activity on this post. If you return a pointer to a local variable once the function returns it is out of scope. From then on it is undefined behavior if you access the returned pointer.
First example: Somewhat safe
char* const GetString() { static char sTest[5]; strcpy(sTest, "Test"); return sTest; }
Although not recommended, this is safe, the scope of a static variable remains alive even when the scope of the function ends. This function is not very thread-safe at all. A better function would get you to pass a char* buffer
and a maxsize
for the GetString()
function to fill.
In particular, this function is not considered a reentrant function because reentrant functions must not, amongst other things, return the address to static (global) non-constant data. See reentrant functions.
Second example: Completely unsafe
char* const GetString() { return "Test"; }
This would be safe if you did a const char *
. What you gave is not safe. The reason is because string literals can be stored in a read only memory segment and allowing them to be modified will cause undefined results.
char* const
(const pointer) means that you can't change the address the pointer is pointing to. const char *
(pointer to const) means that you can't change the elements that this pointer is pointing to.
Conclusion:
You should consider either:
1) If you have access to the code then modify the GetString
to take a parameter of a char* buffer
to fill and a maxsize
to use.
2) If you do not have access to the code, but you must call it, wrap this method in another function which is protected by a mutex. The new method is as described in 1.
It depends on what you mean by safe. There are a couple of problems that I can see immediately:
char * const
, which will allow callers to change the string at this location. Potential buffer overrun. Or did you mean a const char *
?To explain the second, consider this:
const char * const format_error_message(int err) { static char error_message[MAXLEN_ERROR_MESSAGE]; sprintf(error_message, "Error %#x occurred", err); return error_message; }
If you call it like this:
int a = do_something(); int b = do_something_else(); if (a != 0 && b != 0) { fprintf(stderr, "do_something failed (%s) AND do_something_else failed (%s)\n", format_error_message(a), format_error_message(b)); }
...what's going to be printed?
Same for threading.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With