In computing, an uninitialized variable is a variable that is declared but is not set to a definite known value before it is used. It will have some value, but not a predictable one. As such, it is a programming error and a common source of bugs in software.
A common assumption made by novice programmers is that all variables are set to a known value, such as zero, when they are declared. While this is true for many languages, it is not true for all of them, and so the potential for error is there. Languages such as C use stack space for variables, and the collection of variables allocated for a subroutine is known as a stack frame. While the computer will set aside the appropriate amount of space for the stack frame, it usually does so simply by adjusting the value of the stack pointer, and does not set the memory itself to any new state. Therefore, whatever contents of that memory at the time will appear as initial values of the variables which occupy those addresses. Here's a simple example in C: void count
The final value of k is undefined. The answer that it must be 10 assumes that it started at zero, which may or may not be true. Note that in the example, the variable i is initialized to zero by the first clause of the for statement. Another example can be when dealing with structs. In the code snippet below, we have a struct student which contains some variables describing the information about a student. The function register_student leaks memory because it fails to fully initialize the members of struct student new_student. If we take a closer look, in the beginning, age, semester and student_number are initialized. But the initialization of the first_name and last_name members are incorrect. This is because if the length of first_name and last_name character arrays are less than 16 bytes, during the , we fail to fully initialize the entire 16 bytes of memory reserved for each of these members. Hence after 'ing the resulted struct to output, we leak some stack memory to the caller. struct student ; int register_student
In any case, even when a variable is implicitly initialised to a default value like 0, this is typically not the correct value. Initialised does not mean correct if the value is a default one. In C, variables with static storage duration that are not initialized explicitly are initialized to zero. Not only are uninitialized variables a frequent cause of bugs, but this kind of bug is particularly serious because it may not be reproducible: for instance, a variable may remain uninitialised only in some branch of the program. In some cases, programs with uninitialized variables may even pass software tests.
Impacts
Uninitialized variables are powerful bugs since they can be exploited to leak arbitrary memory or to achieve arbitrary memory overwrite or to gain code execution, depending on the case. When exploiting a software which utilizes address space layout randomization, it is often required to know the base address of the software in memory. Exploiting an uninitialized variable in a way to force the software to leak a pointer from its address space can be used to bypass ASLR.
Use in languages
Uninitialized variables are a particular problem in languages such as assembly language, C, and C++, which were designed for systems programming. The development of these languages involved a design philosophy in which conflicts between performance and safety were generally resolved in favor of performance. The programmer was given the burden of being aware of dangerous issues such as uninitialized variables. In other languages, variables are often initialized to known values when created. Examples include:
VHDL initializes all standard variables into special 'U' value. It is used in simulation, for debugging, to let the user to know when the don't care initial values, through the multivalued logic, affect the output.
Java does not have uninitialized variables. Fields of classes and objects that do not have an explicit initializer and elements of arrays are automatically initialized with the default value for their type. Local variables in Java must be definitely assigned to before they are accessed, or it is a compile error.
Python initializes local variables to NULL and raises an UnboundLocalError when such a variable is accessed before being initialized to a valid value.
D initializes all variables unless explicitly specified by the programmer not to.
Even in languages where uninitialized variables are allowed, many compilers will attempt to identify the use of uninitialized variables and report them as compile-time errors.
