Input arguments reside inside the enclave when the ISV interface function is invoked. However, when an input is passed by reference, only the reference (the pointer address) will be inside the enclave. The value referenced could be outside and change at any time. For instance, an attacker may change the value after the enclave code checks the function parameters.
The enclave writer must handle references or pointers with special care. An application may pass a pointer referencing a memory location within the enclave boundary, which may cause the enclave to inadvertently overwrite enclave code or data. Similarly, if the enclave software is not aware that a pointer references an untrusted location, the enclave may leak secrets. To prevent these issues, the enclave software must determine whether the memory region (specified by a pointer and size) is inside or outside the enclave linear range before dereferencing the pointer. Additionally, the enclave must ensure the data cannot be modified after it is checked. Developers should only pass through the enclave boundary interface pointers to objects of scope known inside the enclave. Thus pointers to C data structures are reasonable, but pointers to C++ objects are not.