...
Note that this advice does not apply to character arrays initialized with string literals, see STR36-C. Do not specify the dimension of a character array initialized with a string literal for more information.
Non-Compliant Code Example (Incorrect Size)
The following non-compliant code initializes an array of integers using an initialization with too many elements for the array.
...
This code will generate a warning in gcc.
Non-Compliant Code Example (Implicit Size)
The following non-compliant code initializes an array of integers using an initialization with too many elements for the array.
...
The compiler will correctly assume an array size of 4. But if the initializer ever changes, the array size might change, cuasing unexpected results.
Compliant Solution
This compliant solution specifies the dimension of the array correctly.
...
This is the preferred approach, because a programmer who changes the initializer size will be warned by the compiler that the array index should also change to accommodate the initializer.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ARR02-A | medium | unlikely | low | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] |
...