...
However, it is unclear whether the value of s is a valid size argument. Depending The size s could have the value 0. And, depending on how VLAs are implemented, the size may be interpreted as a negative value or a very large positive value, in particular a value too large for the array to be properly allocated. In either case, this may result in a security vulnerability.
...