...
Flexible array members are defined in section subclause 6.7.2.1 of the C Standard [ISO/IEC 9899:2011] as follows:
...
The problem with using this approach is that the behavior is undefined when accessing other than the first element of data. (See section subclause 6.5.6 of the C Standard [ISO/IEC 9899:2011].) Consequently, the compiler can generate code that does not return the expected value when accessing the second element of data.
...
This compliant solution allows the structure to be treated as if it had declared the member data[] to be data[array_size] in a manner that conforms to the C Standard. Note that Microsoft Visual Studio implements support for flexible array members, but some versions (such as MSVC 11) warn that this is a non-standard nonstandard extension.
Risk Assessment
...
Tool | Version | Checker | Description |
|---|---|---|---|
|
| Can detect some violations of this rule. In particular, it warns if the last element of a |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
| [ISO/IEC 9899:2011] | Section Subclause 6.7.2.1, "Structure and Union Specifiers" |
| [McCluskey 2001] | "Flexible Array Members and Designators in C9X" |
...