Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is returning a pointer to a static local variable safe?

Tags:

c

static

I'm working with some code that widely uses the idiom of returning a pointer to a static local variable. eg:

char* const GetString() {   static char sTest[5];   strcpy(sTest, "Test");   return sTest; } 

Am I right in thinking that this is safe?

PS, I know that this would be a better way of doing the same thing:

char* const GetString() {   return "Test"; } 

Edit: Apologies, the function signature should of course be:

const char* GetString(); 
like image 675
John Carter Avatar asked Jan 17 '09 17:01

John Carter


People also ask

Can I return pointer to static variable?

Static Variables have a property of preserving their value even after they are out of their scope. So to execute the concept of returning a pointer from function in C you must define the local variable as a static variable.

Why we should not return a pointer to a local variable?

The return statement should not return a pointer that has the address of a local variable ( sum ) because, as soon as the function exits, all local variables are destroyed and your pointer will be pointing to someplace in the memory that you no longer own.

Can static variables have this pointer?

Yes that's fine. The life-time of local static variables are the full life-time of the program. And global variables (static or not) also have a life-time of the full program. That means pointers to them will always stay valid.

Why should one never return a pointer to something that is stack allocated?

Because it will cause undefined behavior in your program. Show activity on this post. If you return a pointer to a local variable once the function returns it is out of scope. From then on it is undefined behavior if you access the returned pointer.


2 Answers

First example: Somewhat safe

char* const GetString() {   static char sTest[5];   strcpy(sTest, "Test");   return sTest; } 

Although not recommended, this is safe, the scope of a static variable remains alive even when the scope of the function ends. This function is not very thread-safe at all. A better function would get you to pass a char* buffer and a maxsize for the GetString() function to fill.

In particular, this function is not considered a reentrant function because reentrant functions must not, amongst other things, return the address to static (global) non-constant data. See reentrant functions.

Second example: Completely unsafe

char* const GetString() {   return "Test"; } 

This would be safe if you did a const char *. What you gave is not safe. The reason is because string literals can be stored in a read only memory segment and allowing them to be modified will cause undefined results.

char* const (const pointer) means that you can't change the address the pointer is pointing to. const char * (pointer to const) means that you can't change the elements that this pointer is pointing to.

Conclusion:

You should consider either:

1) If you have access to the code then modify the GetString to take a parameter of a char* buffer to fill and a maxsize to use.

2) If you do not have access to the code, but you must call it, wrap this method in another function which is protected by a mutex. The new method is as described in 1.

like image 91
Brian R. Bondy Avatar answered Oct 07 '22 01:10

Brian R. Bondy


It depends on what you mean by safe. There are a couple of problems that I can see immediately:

  1. You've returned a char * const, which will allow callers to change the string at this location. Potential buffer overrun. Or did you mean a const char *?
  2. You might have a problem with reentrance, or with concurrency.

To explain the second, consider this:

const char * const format_error_message(int err) {     static char error_message[MAXLEN_ERROR_MESSAGE];     sprintf(error_message, "Error %#x occurred", err);     return error_message; } 

If you call it like this:

int a = do_something(); int b = do_something_else();  if (a != 0 && b != 0) {     fprintf(stderr,         "do_something failed (%s) AND do_something_else failed (%s)\n",         format_error_message(a), format_error_message(b)); }  

...what's going to be printed?

Same for threading.

like image 29
Roger Lipscombe Avatar answered Oct 07 '22 01:10

Roger Lipscombe