Integer conversions, both implicit and explicit (using a cast), must be guaranteed not to result in lost or misinterpreted data. This is particularly true for integer values that originate from untrusted sources and are used in any of the following ways:
- Integer operands of any pointer arithmetic, including array indexing;
- The assignment expression for the declaration of a variable length array;
- The postfix expression preceding square brackets `[]` or the expression in square brackets `[]` of a subscripted designation of an element of an array object; and
- Function arguments of type `size_t` or `rsize_t` (for example, an argument to a memory allocation function).
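
The following added example (not part of the original rule text) shows range checks applied before an untrusted signed value is used as a `size_t` argument, as an array index, or narrowed to `int`. The function names, the constructed inputs and the 4096 bound are assumptions of this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked conversion, for contrast: a negative value wraps modulo
 * SIZE_MAX + 1, so -1 becomes SIZE_MAX. */
size_t size_unchecked(long long untrusted) { return (size_t)untrusted; }

/* Signed untrusted value -> size_t (for example an allocation size).
 * max is a caller-chosen upper bound (an assumption of this example). */
bool size_checked(long long untrusted, size_t max, size_t *out) {
    if (untrusted < 0 || (unsigned long long)untrusted > max)
        return false;
    *out = (size_t)untrusted;
    return true;
}

/* Signed untrusted value -> array index; valid only in [0, nelems). */
bool index_checked(long long untrusted, size_t nelems, size_t *out) {
    if (untrusted < 0 || (unsigned long long)untrusted >= nelems)
        return false;
    *out = (size_t)untrusted;
    return true;
}

/* Narrowing: reject values that int cannot represent instead of
 * relying on the implementation-defined result of the cast. */
bool narrow_to_int(long long untrusted, int *out) {
    if (untrusted < INT_MIN || untrusted > INT_MAX)
        return false;
    *out = (int)untrusted;
    return true;
}

int main(void) {
    size_t n = 0;
    /* Constructed inputs standing in for a length field from untrusted data. */
    printf("unchecked -1 -> %zu\n", size_unchecked(-1));
    printf("checked -1 accepted: %d\n", size_checked(-1, 4096, &n));
    bool ok = size_checked(512, 4096, &n);
    printf("checked 512 accepted: %d (n=%zu)\n", ok, n);
    return 0;
}
```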
...