Page History

The C standard Standard allows an array variable to be declared both with a bound index and with an initialization literal. The initialization literal also implies an array size in the number of elements specified. For strings, the size specified by a string literal is the number of characters in the literal plus one for the terminating null character.

It is common for an array variable to be initialized by a string literal and declared with an explicit bound that matches the number of characters in the string literal. Section 6.7.9, para. 14, of the C Standard [ISO/IEC 9899:2011], says:

...

Tool

Version

Checker

Description

Splint

Include Page

Splint_V

Compass/ROSE

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

araydecl

Fully implemented

PRQA QA-C

Include Page

	PRQA_V
	PRQA_V

1312

Partially implemented

Splint

Include Page

	Splint_V
	Splint_V

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard

...

STR36-CPP. Do not specify the bound of a character array initialized with a string literal

...

ISO/IEC TR 24772

...

String termination

...

[CJM]

Bibliography

[ECTC 1998]

Section A.8, "Character

...

Array Initialization"
[ISO/IEC 9899:2011]	Section 6.7.9, "Initialization"
[Seacord 2005a]	Chapter 2, "Strings"

...

Space shortcuts

Page tree

Versions Compared

Old Version 60

New Version 61

Key

Related Vulnerabilities

Related Guidelines

Bibliography