...
```c
void func(size_t s) {
  int vla[s];
  /* ... */
}
/* ... */
func(size);
/* ... */
```
However, it is unclear whether the value of `s` is a valid size argument. Depending on how VLAs are implemented, the size may be interpreted as a negative value or a very large positive value. In either case, this may result in a security vulnerability.
Compliant Code Solution
Validate size arguments used in VLA declarations. The solution below ensures the size argument, `s`, used to allocate `vla` is in a valid range: 1 to a user-defined constant.
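One way to apply this range check, written here as an added example and not the page's own solution code: the size is validated before the VLA declaration is reached, so a zero, oversized, or wrapped-negative length never touches the stack. The names `vla_size_ok` and `sum_via_vla` and the bound `MAX_VLA_ELEMS = 1024` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Assumed upper bound; the text only says "a user-defined constant". */
enum { MAX_VLA_ELEMS = 1024 };

/* Hypothetical helper: returns 1 if s is safe to use as a VLA length. */
static int vla_size_ok(size_t s) {
  /* Reject 0 (a VLA length must be greater than zero) and anything above
     the cap. A negative int converted to size_t becomes a very large
     value, so it fails the upper-bound test as well. */
  return s >= 1 && s <= MAX_VLA_ELEMS;
}

/* Hypothetical function: sums the first s ints of src using a VLA scratch
   copy. Returns 0 on success, -1 if s is out of range or a pointer is NULL. */
int sum_via_vla(const int *src, size_t s, long *out) {
  if (src == NULL || out == NULL || !vla_size_ok(s)) {
    return -1;  /* handle the error before any stack allocation happens */
  }
  int vla[s];   /* s is now known to be in 1..MAX_VLA_ELEMS */
  memcpy(vla, src, s * sizeof vla[0]);
  long total = 0;
  for (size_t i = 0; i < s; i++) {
    total += vla[i];
  }
  *out = total;
  return 0;
}

int main(void) {
  int data[4] = {1, 2, 3, 4};  /* constructed sample input */
  long total = 0;
  int len = -1;                 /* constructed: an unchecked signed length */
  /* (size_t)len wraps to the maximum size_t value and is rejected. */
  if (sum_via_vla(data, (size_t)len, &total) == 0) {
    return 1;
  }
  /* A length inside the valid range is accepted. */
  return (sum_via_vla(data, 4, &total) == 0 && total == 10) ? 0 : 1;
}
```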
...