...
ARR02-C-EX1: "STR11-C. Do not specify the bound of a character array initialized with a string literal" is a specific exception to this recommendation; it requires that the bound of a character array initialized with a string literal be left unspecified.
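The following added example (not part of the original guideline text) contrasts an explicitly bounded integer array with the two ways of declaring a character array from a string literal, and shows why the exception exists: an explicit bound of 3 for "abc" is valid C but leaves no room for the terminating null. All identifiers and sample values are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* ARR02-C style: the bound is written out even though the initializer
 * implies it. Sample values are constructed. */
enum { PORT_COUNT = 4 };
static const int ports[PORT_COUNT] = { 22, 80, 443, 8080 };

/* STR11-C (ARR02-C-EX1): bound left unspecified; the compiler sizes the
 * array as 3 characters plus the terminating null. */
static const char tag_unbounded[] = "abc";

/* Explicit bound of 3: valid C, but there is no room for '\0', so the
 * array does not hold a string. */
static const char tag_bounded[3] = "abc";

/* Bounded scan: length of the string in buf, or n if no terminator
 * exists within the n bytes of the array. Never reads past buf[n-1]. */
size_t bounded_len(const char *buf, size_t n)
{
    const char *nul = memchr(buf, '\0', n);
    return nul ? (size_t)(nul - buf) : n;
}

size_t ports_len(void)      { return sizeof ports / sizeof ports[0]; }
size_t unbounded_size(void) { return sizeof tag_unbounded; }
size_t bounded_size(void)   { return sizeof tag_bounded; }

/* 1 if a terminator lies inside the array, 0 otherwise. */
int unbounded_is_string(void)
{
    return bounded_len(tag_unbounded, sizeof tag_unbounded) < sizeof tag_unbounded;
}

int bounded_is_string(void)
{
    return bounded_len(tag_bounded, sizeof tag_bounded) < sizeof tag_bounded;
}

int main(void)
{
    printf("ports: %zu elements\n", ports_len());
    printf("char s[]  = \"abc\": size %zu, terminated %d\n",
           unbounded_size(), unbounded_is_string());
    printf("char s[3] = \"abc\": size %zu, terminated %d\n",
           bounded_size(), bounded_is_string());
    return 0;
}
```

Passing `tag_bounded` to `strlen()` or `printf("%s")` would read past the end of the array, which is why the bounded scan takes the array size as a parameter.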
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR02-C | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | array-size-global | Partially checked |
CodeSonar | | LANG.STRUCT.DECL.FAM | Declaration of flexible array member |
Compass/ROSE | | CC2.ARR02 | Fully implemented |
LDRA tool suite | | 127 S | Fully implemented |
Polyspace Bug Finder | R2016a | Improper array initialization | Incorrect array initialization when using initializers |
PRQA QA-C | | 0688, 3674, 3684, 678 | Fully implemented |
RuleChecker | | array-size-global | Partially checked |
SonarQube C/C++ Plugin | | S834 | |
PVS-Studio | 6.22 | V798 | General analysis rule |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C | CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-665, Incorrect or incomplete initialization | Prior to 2018-01-12: CERT: |
MISRA C:2012 | Rule 8.11 (advisory) | Prior to 2018-01-12: CERT: Unspecified Relationship |
MISRA C:2012 | Rule 9.5 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
[ISO/IEC 9899:2011] | Subclause 6.7.9, "Initialization" |
...
...