...
Flexible array members are defined in subclause 6.7.2.1, paragraph 18 of 18, of the C Standard [ISO/IEC 9899:2011] as follows:
...
- The incomplete array type must be the last element within the structure.
- There cannot be an array of structures that contain a flexible array member.
- Structures that contain a flexible array member cannot be used as a member of another structure except as the last element of that structure.
- The structure must contain at least one named member in addition to the flexible array member.
MEM33-C. Allocate and copy structures containing flexible array members dynamically describes how to allocate and copy structures containing flexible array members.
...
Noncompliant Code Example

This noncompliant code example uses the older one-element array idiom (`int data[1];`) in place of a true flexible array member and then accesses elements beyond the first:

```c
#include <stdlib.h>

struct flexArrayStruct {
  int num;
  int data[1];   /* one-element array used as a "flexible" array: noncompliant */
};

void func(size_t array_size) {
  /* Space is allocated for the struct plus (array_size - 1) extra ints */
  struct flexArrayStruct *structP
    = (struct flexArrayStruct *)
      malloc(sizeof(struct flexArrayStruct)
             + sizeof(int) * (array_size - 1));
  if (structP == NULL) {
    /* Handle malloc failure */
    return;
  }

  structP->num = array_size;

  /*
   * Access data[] as if it had been allocated
   * as data[array_size].
   */
  for (size_t i = 0; i < array_size; ++i) {
    structP->data[i] = 1;
  }

  free(structP);
}
```
This example has undefined behavior when accessing any element other than the first element of data. (See subclause 6.5.6 of the C Standard [ISO/IEC 9899:2011].) Consequently, the compiler can generate code that does not return the expected value when accessing the second element of data.
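The compliant form of the same structure, written as an added example rather than code from the CERT page: `data` is declared with no size as the last member, allocation adds the element storage explicitly, and copying is done with `memcpy` over the full allocated size (the allocation and copy discipline that MEM33-C, referenced above, requires). The function names `flex_alloc`, `flex_copy`, `flex_sum` and `flex_demo` are assumed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Compliant declaration: data[] has no size and is the last member;
 * num is the required additional named member. */
struct flexArrayStruct {
  size_t num;
  int data[];   /* flexible array member */
};

/* Allocate a struct with room for array_size elements in data[].
 * sizeof(struct flexArrayStruct) does not count data[], so the element
 * storage is added explicitly. Returns NULL on overflow or malloc failure. */
struct flexArrayStruct *flex_alloc(size_t array_size) {
  /* Guard the size computation against size_t wraparound. */
  if (array_size > (SIZE_MAX - sizeof(struct flexArrayStruct)) / sizeof(int)) {
    return NULL;
  }
  struct flexArrayStruct *p =
      malloc(sizeof(struct flexArrayStruct) + sizeof(int) * array_size);
  if (p == NULL) {
    return NULL;
  }
  p->num = array_size;
  for (size_t i = 0; i < array_size; ++i) {
    p->data[i] = 1;
  }
  return p;
}

/* Copy a struct containing a flexible array member. Plain struct
 * assignment (*dst = *src) would copy only the fixed part, so the copy
 * is done with memcpy over the full dynamically allocated size. */
struct flexArrayStruct *flex_copy(const struct flexArrayStruct *src) {
  size_t bytes = sizeof(struct flexArrayStruct) + sizeof(int) * src->num;
  struct flexArrayStruct *dst = malloc(bytes);
  if (dst == NULL) {
    return NULL;
  }
  memcpy(dst, src, bytes);
  return dst;
}

/* Sum of the elements, used to check that every element survived
 * allocation and copy. */
long flex_sum(const struct flexArrayStruct *p) {
  long total = 0;
  for (size_t i = 0; i < p->num; ++i) {
    total += p->data[i];
  }
  return total;
}

/* Demonstration: allocate array_size elements (all 1), set the last
 * element to 7, copy the struct, and return the sum of the copy's
 * elements ((array_size - 1) + 7 on success). Returns -1 on failure or
 * when array_size is 0. */
long flex_demo(size_t array_size) {
  if (array_size == 0) {
    return -1;
  }
  struct flexArrayStruct *a = flex_alloc(array_size);
  if (a == NULL) {
    return -1;
  }
  a->data[array_size - 1] = 7;  /* the copy must carry this value too */
  struct flexArrayStruct *b = flex_copy(a);
  long result = (b == NULL) ? -1 : flex_sum(b);
  free(a);
  free(b);
  return result;
}
```

Because `sizeof(struct flexArrayStruct)` excludes `data[]`, the allocation size is the struct size plus `sizeof(int) * array_size`, with no `- 1` correction; the overflow check in `flex_alloc` keeps a large `array_size` from wrapping that computation to a small allocation.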
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| CERT C Secure Coding Standard | MEM33-C. Allocate and copy structures containing flexible array members dynamically |
|---|---|
Bibliography
| [ISO/IEC 9899:2011] | Subclause 6.5.6, "Additive Operators"; Subclause 6.7.2.1, "Structure and Union Specifiers" |
|---|---|
| [McCluskey 2001] | "Flexible Array Members and Designators in C9X" |
...