CWE Rule 909

Missing Initialization of Resource

Since R2026a

expand all in page

Description

The product does not initialize a critical resource

Polyspace Implementation

Polyspace® checks for these issues

  • Use of standard library string routine on noninitialized buffer

  • Non initialized pointer

Examples

expand all

Issue

This issue occurs when a string library function is called with a buffer that is not initialized.

Risk

When string operations are performed on a noninitialized buffer, the resulting string is unpredictable and can result in unexpected behavior.

Fix

Initialize string buffers before performing string operations on them.

Example

In this example, the buffer buff is not initialized before it is used as input to strcat and printf. Because the buffer is not initialized, it may be filler with junk value. When "foo" is concatenated to it, the result is unpredictable.

#include <stdio.h>
#include <string.h>


void example_NonCompliant() {
    char buff[20];
    strcat(buff, "foo");  //Noncompliant
    printf("%s\n", buff);
}

int main(void) {
    example_NonCompliant();
    return 0;
}
Correction

The corrected version initializes the buffer before using it in library functions.

#include <stdio.h>
#include <string.h>


void example_NonCompliant() {
    char buff[20] = "";
    strcat(buff, "foo");  //Compliant
    printf("%s\n", buff);
}

int main(void) {
    example_NonCompliant();
    return 0;
}
Issue

This issue occurs when a pointer is not assigned an address before dereference.

Risk

Unless a pointer is explicitly assigned an address, it points to an unpredictable location.

Fix

The fix depends on the root cause of the defect. For instance, you assigned an address to the pointer but the assignment is unreachable.

Often the result details (or source code tooltips in Polyspace as You Code™) show a sequence of events that led to the defect. You can implement the fix on any event in the sequence. If the result details do not show this event history, you can search for previous references of variables relevant to the defect using right-click options in the source code and find related events. See also Interpret Polyspace Bug Finder Results in Polyspace Platform User Interface or Interpret Bug Finder Results in Polyspace Access Web Interface (Polyspace Access).

See examples of fixes below. It is a good practice to initialize a pointer to NULL when declaring the pointer.

If you do not want to fix the issue, add comments to your result or code to avoid another review. See:

Non-initialized pointer error
#include <stdlib.h>

int* assign_pointer(int* prev)
{
    int j = 42;
    int* pi;

    if (prev == NULL) 
      {
        pi = (int*)malloc(sizeof(int));
        if (pi == NULL) return NULL;
      }

    *pi = j;                    
    /* Defect: Writing to uninitialized pointer */

    return pi;
}

If prev is not NULL, the pointer pi is not assigned an address. However, pi is dereferenced on every execution paths, irrespective of whether prev is NULL or not.

Correction — Initialize Pointer on Every Execution Path

One possible correction is to assign an address to pi when prev is not NULL.

#include <stdlib.h>

int* assign_pointer(int* prev)
{
    int j = 42;
    int* pi;

    if (prev == NULL) 
       {
        pi = (int*)malloc(sizeof(int));
        if (pi == NULL) return NULL;
       } 
    /* Fix: Initialize pi in branches of if statement  */
    else 
        pi = prev;              
    

    *pi = j;

    return pi;
}

Check Information

Category: Resource Management Errors
PQL Name: std.cwe_native.R909

Version History

Introduced in R2026a

See Also

Topics

External Websites