...
In this example, a VLA of size s is declared. In accordance with Recommendation INT01-A. Use size_t for all integer values representing the size of an object, s is of type size_t, as it is used to specify the size of an object. However, it is unclear whether or not the value of s is a valid size argument. Depending on how VLAs are implemented, s may be interpreted as a negative value or a very large value. In either case, this may result in a security vulnerability.
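One way to make s a known-valid size before the VLA is declared, shown as an added example rather than code from the original page. The bound MAX_VLA_BYTES and the names vla_size_ok, sum_via_vla and size_from_signed are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed cap on the stack bytes this code may spend on one VLA. */
#define MAX_VLA_BYTES ((size_t)4096)

/* Returns 1 when s elements of elem_size bytes are safe to declare as a VLA. */
int vla_size_ok(size_t s, size_t elem_size)
{
    if (s == 0 || elem_size == 0)
        return 0;                   /* a zero-length VLA is undefined behaviour */
    if (s > MAX_VLA_BYTES / elem_size)
        return 0;                   /* too large; also catches wrapped negatives */
    return 1;
}

/* Sums the first s values of src through a VLA scratch copy.
   Returns 0 on success, -1 when s is rejected. */
int sum_via_vla(const int *src, size_t s, long *out)
{
    if (src == NULL || out == NULL || !vla_size_ok(s, sizeof(int)))
        return -1;
    int vla[s];                     /* s is now known to be in range */
    memcpy(vla, src, s * sizeof vla[0]);
    long total = 0;
    for (size_t i = 0; i < s; i++)
        total += vla[i];
    *out = total;
    return 0;
}

/* Models a caller that computed a signed length and passed it as a size. */
size_t size_from_signed(int n)
{
    return (size_t)n;               /* -1 becomes SIZE_MAX */
}

int main(void)
{
    int data[4] = {1, 2, 3, 4};     /* constructed sample input */
    long total = 0;
    printf("s=4: rc=%d total=%ld\n", sum_via_vla(data, 4, &total), total);
    printf("s=(size_t)-1: rc=%d\n", sum_via_vla(data, size_from_signed(-1), &total));
    return 0;
}
```

Dividing the bound by the element size, rather than multiplying s by it, keeps the check itself from overflowing.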
...