SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 90

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 91

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Variable-length arrays (VLA) are essentially the same as traditional C arrays, except that they are declared with a size that is not a constant integer expression, and may be declared only at block scope or function prototype scope and no linkage. A variable-length array can be declared as follows:

Code Block
{   /* block scope */
    char vla[size];
}

Wiki Markup
where the integer expression {{size}} and the declaration of {{vla}} are both evaluated at runtime. If the size argument supplied to a variable-length array is not a positive integer value, the behavior is undefined. (seeSee [undefined behavior 69|CC. Undefined Behavior#ub_69] in Annex J of C99.). In addition, if the magnitude of the argument is excessive the program may behave in an unexpected way. An attacker may be able to leverage this behavior to overwrite critical program data \[[Griffiths 062006|AA. Bibliography#Griffiths 06]\]. The programmer must ensure that size arguments to variable-length arrays are valid and have not been corrupted as the result of an exceptional integer condition.

...

In this noncompliant code example, a variable-length array of size size is declared. The size is declared as size_t in compliance with guideline INT01-C. Use rsize_t or size_t for all integer values representing the size of an object.

...

This compliant solution ensures the size argument used to allocate vla is in a valid range (between 1 and a programmer-defined maximum); otherwise, otherwise it uses an algorithm that relies on dynamic memory allocation.

...

Newer versions of GCC have incorporated variable length arrays, but do not yet claim full C99 conformance. As suchTherefore, variable length arrays should only be used on GCC with great care.

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ARR32-C

high

probable

high

P6

L2

Automated Detection

...

Tool

Version

Checker

Description

Section

Coverity Prevent

Include Page
c:Coverity_V
c:Coverity_V
Section

REVERSE_NEGATIVE

...

NEGATIVE_RETURNS

...

Section

can find the instances where data is read/write from a negative array index

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

Wiki Markup
\[[Griffiths 062006|AA. Bibliography#Griffiths 06]\]
\[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "XYX Boundary Beginning Violation" and "XYZ Unchecked Array Indexing"

...