
Implement zlint rule 'returned-stack-reference' #13

@rockorager

Rule: returned-stack-reference

Checks for functions that return references (pointers/slices) to stack-allocated memory.

Once a function returns and the stack frame is popped, any pointers into that frame become dangling. This leads to segfaults or undefined behavior.

Example

// Bad: returns pointer to stack-allocated array
fn getData() *[4]u8 {
    var buf: [4]u8 = .{ 1, 2, 3, 4 };
    return &buf;
}

// Good: take a buffer parameter
fn getData(buf: *[4]u8) void {
    buf.* = .{ 1, 2, 3, 4 };
}

Implementation notes

Complexity: requires control flow / data flow analysis

This needs to track which local variables are stack-allocated and whether any return path yields a pointer derived from them. This is non-trivial and even zlint marks this rule as "nursery" (early development). Would require significant analysis infrastructure beyond what ziglint currently has.

Reference

Suggested-By: @mattrobenolt
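A first-pass sketch of the check described in the implementation notes, added here as an example and not taken from ziglint or zlint: a Python prototype that scans Zig source with regular expressions instead of a real AST. It goes beyond the single case in the issue by also flagging a slice of a local array and a one-step alias. All names and the sample input are constructed for illustration, and the analysis is assumed to be flow-insensitive.

```python
import re
# Constructed Zig input: the issue's "Bad" case plus a slice, an alias and a heap return.
SAMPLE = """
fn getDataBad() *[4]u8 {
    var buf: [4]u8 = .{ 1, 2, 3, 4 };
    return &buf;
}
fn sliceOfLocal() []u8 {
    var buf: [16]u8 = undefined;
    return buf[0..4];
}
fn viaAlias() *u32 {
    var x: u32 = 7;
    const p = &x;
    return p;
}
fn heapCopy(a: std.mem.Allocator) ![]u8 {
    const out = try a.alloc(u8, 4);
    return out;
}
"""
FN = re.compile(r"\bfn\s+(\w+)\s*\([^)]*\)[^{;]*\{")
LOCAL = re.compile(r"\b(?:var|const)\s+(\w+)\s*(?::\s*([^=;]+?))?\s*=\s*([^;]+?)\s*;")
RETURN = re.compile(r"\breturn\s+([^;]+?)\s*;")

def function_bodies(src):
    for m in FN.finditer(src):  # brace-match from the opening '{' to the body's end
        depth, i = 1, m.end()
        while depth and i < len(src):
            depth, i = depth + (src[i] == "{") - (src[i] == "}"), i + 1
        yield m.group(1), src[m.end():i - 1]

def points_to_stack(expr, types, tainted):
    if m := re.match(r"&(\w+)", expr):  # &local: address of storage in this frame
        return m.group(1) in types
    if m := re.match(r"(\w+)\[[^\]]*\.\.[^\]]*\]$", expr):  # local_array[a..b]
        return bool(re.match(r"\[(\d+|_)\]", types.get(m.group(1), "")))
    return expr in tainted  # a local that was assigned one of the forms above

def find_returned_stack_refs(src):
    for fn, body in function_bodies(src):
        types, tainted = {}, set()  # declared locals -> type text; pointer aliases
        for name, typ, init in LOCAL.findall(body):
            if points_to_stack(init, types, tainted):
                tainted.add(name)
            types[name] = typ
        for expr in RETURN.findall(body):
            if points_to_stack(expr, types, tainted):
                yield fn, expr
```

Calling `list(find_returned_stack_refs(SAMPLE))` reports the first three functions and leaves `heapCopy` alone; pointers stored in struct fields, passed through calls, or reassigned after declaration are out of reach for this sketch.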

Labels: rule-request (Request for a new lint rule)
