<table border="1" cellspacing="0" cellpadding="8">
    <tr>
        <th>Issue</th>
        <td>
            <a href=https://github.com/llvm/llvm-project/issues/122985>122985</a>
        </td>
    </tr>

    <tr>
        <th>Summary</th>
        <td>
            [clang-tidy] Check request: detect saving stack addresses beyond their lifetime
        </td>
    </tr>

    <tr>
      <th>Labels</th>
      <td>
            clang-tidy
      </td>
    </tr>

    <tr>
      <th>Assignees</th>
      <td>
      </td>
    </tr>

    <tr>
      <th>Reporter</th>
      <td>
          asund
      </td>
    </tr>
</table>

<pre>
    This seems to be missed by existing stack address check as the address doesn't escape scope of the stack but is preserved between scopes using a static variable.
```
auto f() {
  process stack_array[] = { method1, method2, method3 };
  static *process process_to_use = nullptr;

  if (!process) {
    // some expensive init later...
    process = &stack_array[n];
 }

  if (!process) {
   process->do_processing();  // segfault
 }
}
```
process_to_use has a stale value when the function is called again. stack_array needs to have static lifetime in this case.
</pre>
<img width="1" height="1" alt="" src="http://email.email.llvm.org/o/eJyMU8uSozoM_RqzUYUCG5KwYJHu3HzB3acMFuB7jc1YNt35-yke6c7MbKaKwo-Szjk6siSR7i1izco3Vl4TGcPgfC0pWpU0Tj3qfwdNQIgjQXDQIIyaCBU0D8BPTUHbHijI9n-QSnkkgnbA5UQQBvy6VA7JMn4KgNTKCYFaNyG4bo3aAJoYQBNMHgn9vHBg-EC0WyxBpIVMLtFBtzBLr2VjMGXZhR2z_csuMgYHHeNnxitgpzeWXQAm79pFx8p0l97Lx1YyMHFdomDEMDiVM_6-b_n3VgA7XZnYoHZ6xi9P0H29B3ePhCuijcZMwW85a5ruYNWU79Gv6gAYvzF-A3IjAn5OaEnPCNrqAEYG9Gma7pFP0lU3P_5akGXlU-ei-G-o97sDE_8od99P2vabgUy8fYvDvpPRhBf07f9i_m9WDJK2hhmEWZqI8DGgXXveRdsG7ezS8lYagwpkL7VNX3sEFlGtL2-QMz6tN7rDoMfFHwjDmk-YJqoWqhKVTLDOT-J4rk6nXCRDLZUoOlVmlcq6ipdFcT7nVSWL8zHLmipvE13zjJdZnhdciDIXaXXsZKFElxUSuwwlKzIcpTapMfOYOt8nmihinXNencvEyAYNrTPEeWuk7Q9BqwfjfJkpXy9Zhyb2xIrMaAr0jRN0MOv0vaSVV3hfZ8jjj4gUmLiAwoBtAJLzHwOHBA0-nFWLrdp_uZNEb-ohhImYuGwt7HUYYpO2bmT8tmjYl8Pk3X_YBsZva2HE-G2vba75zwAAAP__dspUoQ">