...

    int array[] = {1, 2, 3}; /* 3-element array */

but it is possible to use designators to initialize array elements in a non-contiguous fashion. C99 Section 6.7.8, "Initialization", states:

Space can be "allocated" from both ends of an array by using a single designator:

    int a[MAX] = {
      1, 3, 5, 7, 9, [MAX-5] = 8, 6, 4, 2, 0
    };

In the above, if MAX is greater than ten, there will be some zero-valued elements in the middle; if it is less than ten, some of the values provided by the first five initializers will be overridden by the second five.

C99 also dictates how array initialization is handled when the number of initialization elements does not equal the explicit array dimension. C99 Section 6.7.8, "Initialization", paragraph 21 states:

If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, or fewer characters in a string literal used to initialize an array of known size than there are elements in the array, the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration.

...

If an array of unknown size is initialized, its size is determined by the largest indexed element with an explicit initializer. At the end of its initializer list, the array no longer has incomplete type.

While compilers can compute the size of an array based on its initialization list, we recommend explicitly specifying the size of the array. This provides a redundancy check that the array's size is correct. It also enables compilers to emit warnings if the array's size is less than the size implied by the initialization.

Note that this recommendation does not apply to character arrays initialized with string literals; see STR36-C. Do not specify the dimension of a character array initialized with a string literal for more information.

Non-Compliant Code Example (Incorrect Size)

This non-compliant code example initializes an array of integers using an initialization with too many elements for the array.

...

The size of the array a is three, although the size of the initialization is four. The last element of the initialization (4) is ignored. Most compilers will diagnose this error.

Implementation Details

This non-compliant code example generates a warning in gcc. Microsoft Visual Studio 2008 generates a fatal diagnostic: error C2078: too many initializers.

Non-Compliant Code Example (Implicit Size)

This non-compliant code example initializes an array of integers using an initialization with too many elements for the array.

    int a[] = {1, 2, 3, 4};

In this example, the compiler allocates an array of 4 integer elements. However, if the initializer ever changes, the array dimension may also change, causing unexpected results.

Compliant Solution

This compliant solution explicitly specifies the dimension of the array.

    int a[4] = {1, 2, 3, 4};
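The following program is an added example (not part of the CERT page) that puts the two points above side by side: the both-ends designated initializer quoted from C99 6.7.8, and the difference between an implicit and an explicit array dimension. MAX = 12 is a constructed value chosen so that the gap in the middle is visible.

```c
#include <stddef.h>
#include <stdio.h>

#define MAX 12  /* constructed value; the standard's example leaves MAX open */

/* Filling an array from both ends with a single designator (C99 6.7.8).
 * With MAX = 12, indices 5 and 6 receive no initializer and are
 * implicitly zero, as the quoted standard text describes. */
static const int both_ends[MAX] = {
    1, 3, 5, 7, 9, [MAX - 5] = 8, 6, 4, 2, 0
};

/* Explicit dimension (the compliant form): adding a fifth initializer,
 * e.g. int explicit_size[4] = {1, 2, 3, 4, 5}, is diagnosed by the
 * compiler instead of silently resizing the array. */
static const int explicit_size[4] = {1, 2, 3, 4};

/* Implicit dimension (the non-compliant form): the element count is
 * whatever the initializer happens to contain, so code that assumes
 * four elements breaks silently if the list is later edited. */
static const int implicit_size[] = {1, 2, 3, 4};

/* Bounds-checked read of both_ends; -1 signals an out-of-range index. */
int element_at(size_t i) {
    return i < MAX ? both_ends[i] : -1;
}

/* Counts zero-valued elements: the two implicit gaps plus the trailing 0. */
size_t count_zero_elements(void) {
    size_t zeros = 0;
    for (size_t i = 0; i < MAX; i++) {
        if (both_ends[i] == 0) zeros++;
    }
    return zeros;
}

/* Element counts as the compiler computed them from each declaration. */
size_t implicit_count(void) {
    return sizeof implicit_size / sizeof implicit_size[0];
}

size_t explicit_count(void) {
    return sizeof explicit_size / sizeof explicit_size[0];
}

int main(void) {
    for (size_t i = 0; i < MAX; i++) printf("%d ", element_at(i));
    printf("\nzero elements: %zu, implicit: %zu, explicit: %zu\n",
           count_zero_elements(), implicit_count(), explicit_count());
    return 0;
}
```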

...

Recommendation  Severity  Likelihood  Remediation Cost  Priority  Level
ARR02-A         medium    unlikely    low               P6        L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...