...
In this non-compliant code, an array of size 1 is declared, but when the structure itself is instantiated, the size computed for malloc() is modified to take into account for the full actual size of the dynamic array. This is the syntax used by ISO C89.
...
The non-compliant example may be the only alternative for compilers that do not yet implement the C99 syntax. Microsoft Visual Studio 2005 does not implement the C99 syntax.
...
- The incomplete array type must be the last element within the structure.
- You cannot have an array of structure if the structure contains structures that contain flexible array members.
- Structures that contain a flexible array member cannot be used as a member in the middle of another structure.
- You cannot apply the
sizeofoperator to a flexible array.
...
Failing to use the correct syntax can result in undefined behavior, although the (incorrect) syntax will work under on most architecturesimplementations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MEM33-C | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[McCluskey 01|AA. C References#McCluskey 01]\] ;login:, July 2001, Volume 26, Number 4 \[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.2.1, "Structure and union specifiers" \[[McCluskey 01|AA. C References#McCluskey 01]\] ;login:, July 2001, Volume 26, Number 4 |
...
MEM32-C. Detect and handle critical memory allocation errors 08. Memory Management (MEM)