This vulnerability occurs when a function returns a memory pointer that points outside the expected buffer range, potentially exposing unrelated memory or causing crashes.
When a function is designed to return a pointer within a specific buffer (such as an array or an allocated memory block) but instead returns an address outside that boundary, it breaks fundamental memory safety assumptions. This often happens due to incorrect offset calculations, failed or missing boundary checks, or mishandling of edge cases in pointer arithmetic (for example, an offset taken from untrusted input or an off-by-one at the end of the buffer). The returned pointer might point to unrelated data structures, freed memory, or even invalid addresses, leading to unpredictable behavior. From a security perspective, this flaw can be exploited to read sensitive data from other parts of memory (information disclosure) or to corrupt memory if the pointer is later used for writing. Developers should rigorously validate all pointer calculations before performing the arithmetic, ensure functions explicitly document their return range contracts (including the sentinel, such as NULL, returned when no in-range result exists), and use modern memory-safe languages or sanitizers to catch these errors during testing.
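The following C program is an added illustration, not code from the original page. It uses a constructed record format (a 2-byte little-endian header holding the offset of a 4-byte field, followed by payload) to contrast a lookup function that returns a pointer outside the buffer when the header offset is bad with a hardened version that enforces its documented return-range contract, plus a caller-side range check. The record layout, the constants HDR_LEN and FIELD_LEN, and the sample records are all assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed record layout for this example: bytes 0-1 hold the
 * little-endian offset of a FIELD_LEN-byte field; the rest is payload.
 * The record lives in a caller-supplied buffer of rec_len bytes. */
#define HDR_LEN   2
#define FIELD_LEN 4

/* VULNERABLE: trusts the offset from the header and returns rec + off
 * even when that address lies outside [rec, rec + rec_len). A caller
 * that reads or writes through the result touches unrelated memory. */
const uint8_t *field_ptr_unchecked(const uint8_t *rec, size_t rec_len)
{
    size_t off = (size_t)rec[0] | ((size_t)rec[1] << 8);
    (void)rec_len;           /* length is never consulted */
    return rec + off;        /* may point past the buffer */
}

/* HARDENED: contract is "the returned pointer, if non-NULL, addresses
 * FIELD_LEN bytes that lie entirely inside the record's payload;
 * otherwise NULL is returned". The check is done on offsets, before any
 * pointer arithmetic, in a form that cannot overflow. */
const uint8_t *field_ptr_checked(const uint8_t *rec, size_t rec_len)
{
    if (rec == NULL || rec_len < HDR_LEN)
        return NULL;
    size_t off = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (off < HDR_LEN || off > rec_len || rec_len - off < FIELD_LEN)
        return NULL;         /* header, past-the-end, or overhanging field */
    return rec + off;
}

/* Caller-side guard: does [p, p + n) lie inside [base, base + len)?
 * Compares integer addresses so that no out-of-object pointer is ever
 * formed while checking. Returns 1 if in range, 0 otherwise. */
int ptr_in_range(const uint8_t *base, size_t len, const uint8_t *p, size_t n)
{
    uintptr_t b = (uintptr_t)base, q = (uintptr_t)p;
    if (p == NULL || q < b)
        return 0;
    size_t off = (size_t)(q - b);
    return off <= len && len - off >= n;
}

/* Constructed sample records (not real data). */
static const uint8_t kGoodRec[8] = {0x02, 0x00, 'A', 'B', 'C', 'D', 0, 0}; /* offset 2: valid */
static const uint8_t kEvilRec[8] = {0x40, 0x00, 0, 0, 0, 0, 0, 0};         /* offset 64: far outside */
static const uint8_t kEdgeRec[8] = {0x06, 0x00, 0, 0, 0, 0, 0, 0};         /* offset 6: field overhangs by 2 */

int main(void)
{
    const uint8_t *p;

    p = field_ptr_unchecked(kEvilRec, sizeof kEvilRec);
    printf("unchecked, evil record : in range? %d\n",
           ptr_in_range(kEvilRec, sizeof kEvilRec, p, FIELD_LEN));   /* 0 */

    p = field_ptr_checked(kEvilRec, sizeof kEvilRec);
    printf("checked,   evil record : %s\n", p ? "pointer" : "NULL");  /* NULL */

    p = field_ptr_checked(kEdgeRec, sizeof kEdgeRec);
    printf("checked,   edge record : %s\n", p ? "pointer" : "NULL");  /* NULL */

    p = field_ptr_checked(kGoodRec, sizeof kGoodRec);
    printf("checked,   good record : %.4s\n", p ? (const char *)p : "NULL"); /* ABCD */
    return 0;
}
```

The hardened version moves the validation onto the offset (an integer) rather than the pointer, so the out-of-range address is never computed, and it returns NULL as the documented sentinel instead of an address the caller cannot safely use. Running the unchecked version under AddressSanitizer with the evil record and then dereferencing the result reports the out-of-bounds access; the checked version produces no finding.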
Impact: Read Memory; Modify Memory