The C Standard [ISO/IEC 9899:2011] provides flexible array members in the C language. While flexible array members are useful, they need to be understood and used with care.
...
The problem with this code is that the flexArrayStruct does not actually reserve space for the integer array data; it cannot, because the size is not specified, so sizeof(flexArrayStruct) covers only the fixed members. Consequently, although initializing the num member to zero is allowed, attempting to write even one value into data (that is, data[0]) is likely to overwrite memory outside of the object's bounds.
...
The data[] member of flexStruct can now be accessed as described in the C Standard, Section 6.7.2.1, paragraph 18 [ISO/IEC 9899:2011], because the dynamic allocation reserved room for the array after the fixed part of the structure.
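The following C program is an added example, not code from the CERT page, that pulls together the three rules the page states: allocate a structure with a flexible array member on the heap, copy it with memcpy() over its full size rather than by assignment, and pass it by pointer. The member names num and data and the tag flexArrayStruct follow the page; the helper names flex_alloc, flex_copy, flex_sum and flex_fixed_size, the sample contents, and the size-overflow guard on the allocation are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Layout assumed from the page: a count followed by a flexible int array. */
struct flexArrayStruct {
    size_t num;
    int data[];
};

/* sizeof() covers only the fixed part; data[] contributes no bytes. This is why
 * a stack object, a by-value parameter, or a struct assignment never has room
 * for the array contents. */
size_t flex_fixed_size(void) {
    return sizeof(struct flexArrayStruct);
}

/* Heap allocation with room for `count` ints after the fixed part (C11 6.7.2.1 p18).
 * The multiplication is guarded (an addition for this example) so that a huge
 * count cannot wrap to a small allocation. */
struct flexArrayStruct *flex_alloc(size_t count) {
    if (count > (SIZE_MAX - sizeof(struct flexArrayStruct)) / sizeof(int)) {
        return NULL;
    }
    struct flexArrayStruct *p = malloc(sizeof(*p) + count * sizeof(int));
    if (p == NULL) {
        return NULL;
    }
    p->num = count;
    for (size_t i = 0; i < count; i++) {
        p->data[i] = (int)i;   /* constructed sample contents: 0, 1, 2, ... */
    }
    return p;
}

/* Copy with memcpy() over the full object size. `*dst = *src` would copy only
 * `num` and leave dst->data untouched, and dst would still have to be a
 * heap object large enough to hold the array. */
struct flexArrayStruct *flex_copy(const struct flexArrayStruct *src) {
    /* src->num was already range-checked by flex_alloc, so this cannot wrap. */
    size_t bytes = sizeof(*src) + src->num * sizeof(int);
    struct flexArrayStruct *dst = malloc(bytes);
    if (dst == NULL) {
        return NULL;
    }
    memcpy(dst, src, bytes);
    return dst;
}

/* Pass by pointer: a by-value parameter would again be a fixed-part-only copy
 * and reading p->data[i] through it would be out of bounds. */
long flex_sum(const struct flexArrayStruct *p) {
    long total = 0;
    for (size_t i = 0; i < p->num; i++) {
        total += p->data[i];
    }
    return total;
}

int main(void) {
    struct flexArrayStruct *a = flex_alloc(5);
    if (a == NULL) {
        return 1;
    }
    struct flexArrayStruct *b = flex_copy(a);
    if (b == NULL) {
        free(a);
        return 1;
    }
    b->data[0] = 100;   /* modifying the copy must not affect the original */
    printf("sizeof fixed part = %zu, sum(a) = %ld, sum(b) = %ld\n",
           flex_fixed_size(), flex_sum(a), flex_sum(b));
    free(a);
    free(b);
    return 0;
}
```

Note that flex_fixed_size() returns the same value whether the array later holds zero or a million elements: any code that sizes a buffer, a copy, or a stack object from sizeof(struct flexArrayStruct) alone has already lost the array.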
...
Automated Detection
Flexible array structs should not be

- declared on the stack; they should be allocated on the heap.
- copied via assignment; they should be copied using memcpy() or a similar function over the full allocated size.
- passed by value as function arguments; a pointer to flexArrayStruct should be passed instead.
Tool | Version | Checker | Description |
---|---|---|---|
ROSE | | | Can detect all of these. |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Bibliography
...
[ISO/IEC 9899:2011] | Section 6.7.2.1, "Structure and Union Specifiers" |
...