The C standard allows an array variable to be declared both with a bound and with an initialization literal. The initialization literal also implies an array bound: the number of elements specified.

The size implied by an initialization literal is usually specified by the number of elements,

int array[] = {1, 2, 3}; /* 3-element array */

but it is also possible to use designators to initialize array elements in a noncontiguous fashion. Section 6.7.9, Example 12, of the C standard [ISO/IEC 9899:2011] states:

Space can be "allocated" from both ends of an array by using a single designator:

int a[MAX] = {
  1, 3, 5, 7, 9, [MAX-5] = 8, 6, 4, 2, 0
};

In the above, if MAX is greater than ten, there will be some zero-valued elements in the middle; if it is less than ten, some of the values provided by the first five initializers will be overridden by the second five.

The C standard also dictates how array initialization is handled when the number of initialization elements does not equal the explicit array bound. Section 6.7.9, "Initialization", paragraphs 21 and 22, states:

If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, or fewer characters in a string literal used to initialize an array of known size than there are elements in the array, the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration.

...

If an array of unknown size is initialized, its size is determined by the largest indexed element with an explicit initializer. The array type is completed at the end of its initializer list.

Although compilers can compute the size of an array on the basis of its initialization list, explicitly specifying the size of the array provides a redundancy check, ensuring that the array's size is correct. It also enables compilers to emit warnings if the array's size is less than the size implied by the initialization.

Note that this recommendation does not apply (in all cases) to character arrays initialized with string literals. See rule STR36-C. Do not specify the bound of a character array initialized with a string literal for more information.

...

int a[3] = {1, 2, 3, 4};

The size of the array a is 3, although the size of the initialization is 4. The last element of the initialization (4) is ignored. Most compilers will diagnose this error.

...

This noncompliant code example generates a warning in GCC. Microsoft Visual Studio 2008 generates a fatal diagnostic: error C2078: too many initializers.

...

int a[] = {1, 2, 3, 4};

Compliant Solution

...

int a[4] = {1, 2, 3, 4};

Explicitly specifying the array bound, although it is implicitly defined by an initializer, allows a compiler or other static analysis tool to issue a diagnostic if these values do not agree.
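The following is an added example, not code from the CERT page or the standard: it instantiates the Example 12 designator case quoted above for a bound larger and a bound smaller than the ten values supplied, and pairs an explicitly bounded table with a compile-time check of the kind the compliant solution relies on. The names WIDE, NARROW, table and the accessor functions are constructed for this example.

```c
#include <stddef.h>

/* Constructed bounds standing in for the standard's MAX. */
#define WIDE   12
#define NARROW 8

/* WIDE > 10: elements 5 and 6 receive no initializer and are therefore
 * zero, as Section 6.7.9 para. 21 requires (initialized like static
 * storage). The second run starts at index 7. */
static const int wide[WIDE] = {
    1, 3, 5, 7, 9, [WIDE - 5] = 8, 6, 4, 2, 0
};

/* NARROW < 10: the second run starts at index 3, so the 7 and 9 written
 * by the first run are overridden; the result is {1, 3, 5, 8, 6, 4, 2, 0}. */
static const int narrow[NARROW] = {
    1, 3, 5, 7, 9, [NARROW - 5] = 8, 6, 4, 2, 0
};

/* The explicit bound is a redundancy check against the initializer count.
 * The static assertion turns a future mismatch into a hard build error
 * instead of a silently zero-filled tail or a compiler-dependent warning. */
#define COUNT(arr) (sizeof(arr) / sizeof((arr)[0]))
static const int table[4] = {1, 2, 3, 4};
_Static_assert(COUNT(table) == 4, "table: bound and initializer count differ");

/* Number of elements between the two runs of `wide` that were implicitly
 * zeroed; 2 for WIDE == 12. */
size_t wide_zero_gap(void) {
    size_t gap = 0;
    for (size_t i = 5; i < WIDE - 5; i++) {
        if (wide[i] == 0) gap++;
    }
    return gap;
}

/* Bounds-checked accessors so results can be inspected without printing;
 * an out-of-range index returns -1 rather than reading past the array. */
int wide_at(size_t i)   { return i < COUNT(wide)   ? wide[i]   : -1; }
int narrow_at(size_t i) { return i < COUNT(narrow) ? narrow[i] : -1; }
```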

Exceptions

ARR02-EX0: Rule STR36-C. Do not specify the bound of a character array initialized with a string literal is a specific exception to this recommendation; it requires that the bound of a character array initialized with a string literal be left unspecified.

...

Tool              Version   Checker               Description
Compass/ROSE
ECLAIR                      araydecl              Fully implemented
LDRA tool suite             127 S, 397 S, 404 S   Partially implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding Standard: ARR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer

ISO/IEC 9899:2011 Section 6.7.9, "Initialization"

MITRE CWE: CWE-665, "Incorrect or incomplete initialization"

Bibliography

...