...
MEM33-C. Allocate and copy structures containing flexible array members dynamically describes how to allocate and copy structures containing flexible array members.
Noncompliant Code Example
Before the introduction of flexible array members in the C Standard, structures with a one-element array as the final member were used to achieve similar functionality. This noncompliant code example illustrates how struct flexArrayStruct is declared in this case.
...
This approach may be the only alternative for compilers that do not yet implement the standard C syntax.
Compliant Solution
This compliant solution uses the flexible array member to achieve a dynamically sized structure:
...
This compliant solution allows the structure to be treated as if it had declared the member data[] to be data[array_size] in a manner that conforms to the C Standard.
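The contrast described above, as an added example that is not the guideline's own listing: the one-element idiom next to a flexible array member, with allocation sized for array_size elements and an explicit copy as MEM33-C requires. The field name num and the helpers flex_alloc, flex_clone and flex_sum are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Pre-C99 idiom (noncompliant): indexing data[1] and beyond is undefined. */
struct legacy_struct {
    size_t num;
    int data[1];
};

/* Flexible array member: data[] contributes no elements to sizeof. */
struct flexArrayStruct {
    size_t num;   /* element count; field name is an assumption */
    int data[];
};

/* Allocate header plus array_size ints, rejecting sizes that would wrap. */
struct flexArrayStruct *flex_alloc(size_t array_size) {
    if (array_size > (SIZE_MAX - sizeof(struct flexArrayStruct)) / sizeof(int))
        return NULL;
    struct flexArrayStruct *p =
        calloc(1, sizeof(struct flexArrayStruct) + array_size * sizeof(int));
    if (p != NULL) p->num = array_size;
    return p;
}

/* Struct assignment would copy only the header, so copy the tail explicitly. */
struct flexArrayStruct *flex_clone(const struct flexArrayStruct *src) {
    struct flexArrayStruct *dst = flex_alloc(src->num);
    if (dst != NULL)
        memcpy(dst->data, src->data, src->num * sizeof(int));
    return dst;
}

long flex_sum(const struct flexArrayStruct *p) {
    long total = 0;
    for (size_t i = 0; i < p->num; i++) total += p->data[i];
    return total;
}

int main(void) {
    struct flexArrayStruct *a = flex_alloc(4);
    if (a == NULL) return 1;
    for (size_t i = 0; i < a->num; i++) a->data[i] = (int)(i + 1);
    struct flexArrayStruct *b = flex_clone(a);
    int ok = (b != NULL && flex_sum(b) == 10);
    free(a); free(b);
    return ok ? 0 : 1;
}
```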
Risk Assessment
Failing to use the correct syntax can result in undefined behavior, although the incorrect syntax will work on most implementations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL38-C | Low | Unlikely | Low | P3 | L3 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
|
| Can detect some violations of this rule. In particular, it warns if the last element of a |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C Secure Coding Standard | MEM33-C. Allocate and copy structures containing flexible array members dynamically |
Bibliography
[ISO/IEC 9899:2011] | Subclause 6.5.6, "Additive Operators"; Subclause 6.7.2.1, "Structure and Union Specifiers" |
[McCluskey 2001] | "Flexible Array Members and Designators in C9X" |
...