Use of unique pointer after lifetime ends
ID: cpp/use-of-unique-pointer-after-lifetime-ends
Kind: problem
Security severity: 8.8
Severity: warning
Precision: high
Tags:
- reliability
- security
- external/cwe/cwe-416
- external/cwe/cwe-664
Query suites:
- cpp-code-scanning.qls
- cpp-security-extended.qls
- cpp-security-and-quality.qls
Calling get on a std::unique_ptr object returns a pointer to the underlying allocation. When the std::unique_ptr object is destroyed, the pointer returned by get is no longer valid. If the pointer is used after the std::unique_ptr object is destroyed, then the behavior is undefined.
Recommendation
Ensure that the pointer returned by get does not outlive the underlying std::unique_ptr object.
Example
The following example gets a std::unique_ptr object, and then converts the resulting unique pointer to a pointer using get so that it can be passed to the work function. However, the std::unique_ptr object is destroyed as soon as the call to get returns. This means that work is given a pointer to invalid memory.

    #include <memory>

    std::unique_ptr<T> getUniquePointer();
    void work(const T*);

    // BAD: the unique pointer is deallocated when `get` returns. So `work`
    // is given a pointer to invalid memory.
    void work_with_unique_ptr_bad() {
        const T* combined_string = getUniquePointer().get();
        work(combined_string);
    }

The following example fixes the above code by ensuring that the pointer returned by the call to get does not outlive the underlying std::unique_ptr object. This ensures that the pointer passed to work points to valid memory.

    #include <memory>

    std::unique_ptr<T> getUniquePointer();
    void work(const T*);

    // GOOD: the unique pointer outlives the call to `work`. So the pointer
    // obtained from `get` is valid.
    void work_with_unique_ptr_good() {
        auto combined_string = getUniquePointer();
        work(combined_string.get());
    }
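
The lifetime rule behind both examples, as an added illustration that is not part of the original query help: Tracked is a hypothetical stand-in for T that counts live instances, so the moment of destruction is observable without ever dereferencing the dangling pointer. It goes one step beyond the page's two examples by also showing get called inside the call expression itself, where the temporary lives until the end of the full-expression.

```cpp
#include <cstdio>
#include <memory>

int g_live = 0;  // number of Tracked objects currently alive

// Hypothetical stand-in for the page's T; constructor/destructor maintain g_live.
struct Tracked {
    int value = 42;
    Tracked() { ++g_live; }
    ~Tracked() { --g_live; }
};

std::unique_ptr<Tracked> getUniquePointer() {
    return std::unique_ptr<Tracked>(new Tracked());
}

// Called only with a valid pointer: reads through it and reports the live count.
int observe(const Tracked* p) {
    return p->value == 42 ? g_live : -1;
}

// Flagged pattern: the temporary owner dies at the end of the declaration.
int live_after_bad_pattern() {
    const Tracked* p = getUniquePointer().get();
    (void)p;        // dangling from here on; deliberately never dereferenced
    return g_live;  // 0: the pointee has already been destroyed
}

// Fixed pattern: a named owner keeps the pointee alive across the call.
int live_during_good_pattern() {
    auto owner = getUniquePointer();
    return observe(owner.get());  // 1
}

// Also valid: the temporary lives until the end of the full-expression,
// which includes the call that receives the raw pointer.
int live_during_inline_call() {
    return observe(getUniquePointer().get());  // 1
}

int main() {
    std::printf("bad=%d good=%d inline=%d leaked=%d\n",
                live_after_bad_pattern(), live_during_good_pattern(),
                live_during_inline_call(), g_live);
    return 0;
}
```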