...
STR36-EX1: If the intention is to create a character array and not a null-terminated byte string, initializing to fit exactly without a null byte is allowed but not recommended. The preferred approach to create an array containing just the three characters, 'a', 'b', and 'c', for example, is to declare each character literal as a separate element as follows:
```c
char s[3] = { 'a', 'b', 'c' }; /* NOT a string */
```
Again, if one is providing an initializer to an array, an explicit dimension is unnecessary, and, in fact, discouraged.
Also, one should make clear in comments or documentation if a character array is, in fact, not a null-terminated byte string.
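The following added example (not part of the original rule text) shows how code can consume such a non-string character array without ever relying on a terminator: every access carries an explicit size. The names `tag`, `bounded_len`, `array_to_string`, and `tag_matches` are hypothetical and chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Fixed-size tag that is deliberately NOT a null-terminated byte string.
 * The dimension is deduced from the initializer, so sizeof tag == 3. */
static const char tag[] = { 'a', 'b', 'c' };

/* Length of the text in a buffer that may lack a terminator.
 * Unlike strlen(), this never reads past the n bytes it is given. */
size_t bounded_len(const char *buf, size_t n) {
    const char *nul = memchr(buf, '\0', n);
    return nul ? (size_t)(nul - buf) : n;
}

/* Copy a possibly unterminated array into dst and always terminate it.
 * Returns 0 on success, -1 if dst cannot hold the text plus the null byte. */
int array_to_string(char *dst, size_t dst_size,
                    const char *src, size_t src_size) {
    size_t len;
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    len = bounded_len(src, src_size);
    if (len >= dst_size)
        return -1;              /* refuse to truncate silently */
    memcpy(dst, src, len);
    dst[len] = '\0';
    return 0;
}

/* Compare by explicit length with memcmp(); strcmp() would read past tag. */
int tag_matches(const char *candidate, size_t n) {
    return n == sizeof tag && memcmp(candidate, tag, sizeof tag) == 0;
}

int main(void) {
    char out[8];
    if (array_to_string(out, sizeof out, tag, sizeof tag) == 0)
        printf("%s (%zu bytes in tag)\n", out, sizeof tag);
    /* Printing the array directly requires a precision, never plain %s. */
    printf("%.*s\n", (int)sizeof tag, tag);
    return 0;
}
```

Passing `tag` to `strlen()`, `strcpy()`, or `printf("%s", ...)` would read beyond the array, which is why each helper takes the size as a separate argument.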
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR36-C | high | probable | low | P18 | L1 |
...