...
The size implied by an initialization literal is usually specified by the number of elements:
    int array[] = {1, 2, 3}; /* 3-element array */

but it is also possible to use designators to initialize array elements in a noncontiguous fashion. C99, Section 6.7.8 [ISO/IEC 9899:1999] states:
Space can be "allocated" from both ends of an array by using a single designator:

    int a[MAX] = { 1, 3, 5, 7, 9, [MAX-5] = 8, 6, 4, 2, 0 };

In the above, if MAX is greater than ten, there will be some zero-valued elements in the middle; if it is less than ten, some of the values provided by the first five initializers will be overridden by the second five.
C99 also dictates how array initialization is handled when the number of initialization elements does not equal the explicit array bound. C99, Section 6.7.8, "Initialization", paragraph 21 states:
If there are fewer initializers in a brace-enclosed list than there are elements or members of an aggregate, or fewer characters in a string literal used to initialize an array of known size than there are elements in the array, the remainder of the aggregate shall be initialized implicitly the same as objects that have static storage duration.
And paragraph 22 states:
If an array of unknown size is initialized, its size is determined by the largest indexed element with an explicit initializer. At the end of its initializer list, the array no longer has incomplete type.
While compilers can compute the size of an array based on its initialization list, explicitly specifying the size of the array provides a redundancy check, ensuring that the array's size is correct. It also enables compilers to emit warnings if the array's size is less than the size implied by the initialization.
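To make the C99 designator example and the paragraph 21/22 rules above concrete, here is an added C example (not code from the CERT page). The array names, the MAX_BIG and MAX_SMALL constants and the helper functions are chosen here for illustration; they show the "MAX greater than ten" and "MAX less than ten" cases side by side, plus an explicitly bounded array whose bound a compiler can cross-check against its initializer.

```c
#include <stddef.h>

/* Constructed example: MAX_BIG and MAX_SMALL stand in for the MAX of the
   C99 example, one above ten and one below. */
#define MAX_BIG   12
#define MAX_SMALL 8

/* MAX greater than ten: the two initializer groups never collide, so
   elements 5 and 6 are implicitly zero, as paragraph 21 requires. */
static const int big[MAX_BIG] =
    { 1, 3, 5, 7, 9, [MAX_BIG - 5] = 8, 6, 4, 2, 0 };

/* MAX less than ten: [MAX_SMALL - 5] is index 3, so the second group
   overrides the 7 and 9 supplied by the first group. */
static const int small[MAX_SMALL] =
    { 1, 3, 5, 7, 9, [MAX_SMALL - 5] = 8, 6, 4, 2, 0 };

/* Explicit bound that agrees with the initializer: if a fourth element is
   added later without changing the bound, the compiler can diagnose it. */
static const int fixed[3] = { 1, 2, 3 };

#define COUNT(arr) (sizeof(arr) / sizeof((arr)[0]))

/* Bounds-checked element access: returns -1 for an out-of-range index. */
int big_at(size_t i)   { return i < COUNT(big)   ? big[i]   : -1; }
int small_at(size_t i) { return i < COUNT(small) ? small[i] : -1; }

/* Counts zero-valued elements so the two layouts can be compared. */
size_t count_zeros(const int *a, size_t n) {
    size_t z = 0;
    for (size_t i = 0; i < n; i++) {
        if (a[i] == 0) z++;
    }
    return z;
}

size_t big_zeros(void)   { return count_zeros(big, COUNT(big)); }
size_t small_zeros(void) { return count_zeros(small, COUNT(small)); }
size_t fixed_count(void) { return COUNT(fixed); }
```

Compiling with warnings enabled (for example -Wextra on GCC, which includes -Woverride-init) reports the overridden initializers in the MAX_SMALL case, which is the kind of diagnostic an explicit bound makes possible.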
Note that this recommendation does not apply in all cases to character arrays initialized with string literals. See guideline STR36-C. Do not specify the bound of a character array initialized with a string literal for more information.
...
Explicitly specifying the array bound, although it is implicitly defined by an initializer, allows a compiler or other static analysis tool to issue a diagnostic if these values do not agree.
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR02-C | medium | unlikely | low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as ARR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer.
Bibliography
[ISO/IEC 9899:1999] Section 6.7.8, "Initialization"
[MITRE 07] CWE ID 665, "Incorrect or Incomplete Initialization", http://cwe.mitre.org/data/definitions/665.html
...