Use of unique pointer after lifetime ends¶
ID: cpp/use-of-unique-pointer-after-lifetime-ends Kind: problem Security severity: 8.8 Severity: warning Precision: high Tags: - reliability - security - external/cwe/cwe-416 - external/cwe/cwe-664 Query suites: - cpp-code-scanning.qls - cpp-security-extended.qls - cpp-security-and-quality.qls Click to see the query in the CodeQL repository
Calling get on a std::unique_ptr object returns a pointer to the underlying allocations. When the std::unique_ptr object is destroyed, the pointer returned by get is no longer valid. If the pointer is used after the std::unique_ptr object is destroyed, then the behavior is undefined.
Recommendation¶
Ensure that the pointer returned by get does not outlive the underlying std::unique_ptr object.
Example¶
The following example gets a std::unique_ptr object, and then converts the resulting unique pointer to a pointer using get so that it can be passed to the work function. However, the std::unique_ptr object is destroyed as soon as the call to get returns. This means that work is given a pointer to invalid memory.
#include <memory> std::unique_ptr<T> getUniquePointer(); void work(const T*); // BAD: the unique pointer is deallocated when `get` returns. So `work` // is given a pointer to invalid memory. void work_with_unique_ptr_bad() { const T* combined_string = getUniquePointer().get(); work(combined_string); } The following example fixes the above code by ensuring that the pointer returned by the call to get does not outlive the underlying std::unique_ptr objects. This ensures that the pointer passed to work points to valid memory.
#include <memory> std::unique_ptr<T> getUniquePointer(); void work(const T*); // GOOD: the unique pointer outlives the call to `work`. So the pointer // obtainted from `get` is valid. void work_with_unique_ptr_good() { auto combined_string = getUniquePointer(); work(combined_string.get()); }