Page History

...

This definition means that when allocating storage, only the first member, num, is considered. Consequently, the result of accessing the member data of a variable of nonpointer type struct flexArrayStruct is undefined. DCL38-C. Use the correct syntax when declaring a flexible array membersmember describes the correct way to declare a struct with a flexible array member.

...

• Have allocated storage duration (be allocated via malloc() or another dynamic allocation function)
• Be dynamically copied using memcpy() or a similar function
• Be passed as a pointer to functions

Noncompliant Code Example (Storage Duration)

This noncompliant code example uses automatic storage for a structure containing a flexible array member:

...

Because flexStruct does not use allocated memory, no space is reserved for the data member. Accessing the data member is undefined behavior.

Compliant Solution (Storage Duration)

This compliant solution dynamically allocates storage for struct flexArrayStruct:

#include <stdlib.h>
 
struct flexArrayStruct {
  size_t num;
  int data[];
};
 
void func(void) {
  struct flexArrayStruct *flexStruct;
  size_t array_size = 4;

  /* Dynamically allocate memory for the struct */
  flexStruct = (struct flexArrayStruct *)malloc(
    sizeof(struct flexArrayStruct) + sizeof(int) * array_size);
  if (flexStruct == NULL) {
    /* Handle error */
  }

  /* Initialize structure */
  flexStruct->num = array_size;

  for (size_t i = 0; i < array_size; ++i) {
    flexStruct->data[i] = 0;
  }
}

Noncompliant Code Example (Copying)

This noncompliant code example attempts to copy an instance of a structure containing a flexible array member (struct flexArrayStruct) by assignment:

...

When the structure is copied, the size of the flexible array member is not considered, and only the first member of the structure, num, is copied, leaving the array contents untouched.

Compliant Solution (Copying)

This compliant solution uses memcpy() to properly copy the content of structA into structB:

#include <string.h>
 
struct flexArrayStruct {
  size_t num;
  int data[];
};
 
void func(struct flexArrayStruct *structA,
          struct flexArrayStruct *structB) {
  if (structA->num > structB->num) {
    /* Insufficient space; handle error */
    return;
  }
  memcpy(structB, structA,
         sizeof(struct flexArrayStruct) + (sizeof(int)
           * structA->num));
}

Noncompliant Code Example (Function Arguments)

In this noncompliant code example, the flexible array structure is passed directly to a function that prints the array elements:

...

Because C passes the argument by value, the size of the flexible array member is not considered when the structure is copied, and only the first member of the structure, num, is copied.

Compliant Solution (Function Arguments)

In this compliant solution, the print_array() function accepts a pointer to the structure rather than the structure itself:

#include <stdio.h>
#include <stdlib.h>
 
struct flexArrayStruct {
  size_t num;
  int data[];
};
 
void print_array(struct flexArrayStruct *structP) {
  puts("Array is: ");
  for (size_t i = 0; i < structP->num; ++i) {
    printf("%d", structP->data[i]);
  }
}
 
void func(void) {
  struct flexArrayStruct *structP;
  size_t array_size = 4;

  /* Space is allocated for the struct */
  structP = (struct flexArrayStruct *)malloc(
    sizeof(struct flexArrayStruct) + sizeof(int) * array_size);
  if (structP == NULL) {
    /* Handle error */
  }
  structP->num = array_size;

  for (size_t i = 0; i < array_size; ++i) {
    structP->data[i] = i;
  }
  print_array(structP);
}

Risk Assessment

Failure to use structures with flexible array members correctly can result in undefined behavior. 

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

...