The C standard [ISO/IEC 9899:2011] provides flexible array members in the C language. While flexible array members are useful, they need to be understood and used with care.
...
The data[] member of flexStruct can now be accessed as described in the C standard, Section 6.7.2.1, paragraph 18 [ISO/IEC 9899:2011].
Noncompliant Code Example (Copying)
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/IEC 9899:2011 Section 6.7.2.1, "Structure and union specifiers"
Bibliography
...