...
Compliant Solution (One Pointer + Two Integers)
For calls that take a pointer and two integers, one integer represents the number of bytes required for an individual object, and a second integer represents the number of elements in the array. The resulting product of the two integers should not be greater than the element count of the pointer were it expressed as an `unsigned char *`. See INT30-C. Ensure that unsigned integer operations do not wrap for more information. This compliant solution uses the `sizeof` operator to correctly provide the object size, and `numObjs` to provide the element count.
```c
#include <stdint.h>
#include <stdio.h>

struct obj {
  char c;
  int i;
};

void func(FILE *f, struct obj *objs, size_t numObjs) {
  if (numObjs > (SIZE_MAX / sizeof(*objs)) ||
      numObjs != fwrite(objs, sizeof(*objs), numObjs, f)) {
    /* Handle error */
  }
}
```
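The following added example is not part of the original page. It goes one step beyond the compliant solution by also checking the product against the buffer's size in bytes, the bound stated in the paragraph above. The names `span_fits`, `checked_fread` and `round_trip` are hypothetical, and the sample data is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

struct obj { char c; int i; };

/* Hypothetical helper: 0 if size * nmemb bytes fit in buf_bytes, else -1. */
static int span_fits(size_t buf_bytes, size_t size, size_t nmemb) {
  if (size != 0 && nmemb > SIZE_MAX / size) {
    return -1;                    /* size * nmemb would wrap (INT30-C) */
  }
  return (size * nmemb <= buf_bytes) ? 0 : -1;
}

/* Hypothetical wrapper: the caller states the buffer size in bytes, so both
   bounds are checked before fread() runs. -1 = rejected, -2 = short read. */
static int checked_fread(void *buf, size_t buf_bytes,
                         size_t size, size_t nmemb, FILE *f) {
  if (buf == NULL || f == NULL || span_fits(buf_bytes, size, nmemb) != 0) {
    return -1;
  }
  return (fread(buf, size, nmemb, f) == nmemb) ? 0 : -2;
}

/* Constructed sample: write 4 objects to a temp file and read them back. */
static int round_trip(void) {
  struct obj out[4], in[4];
  FILE *f = tmpfile();
  int rc = 1;                     /* 1 = I/O failure, 2 = check missed */
  if (f == NULL) {
    return rc;
  }
  memset(out, 0, sizeof(out));    /* keep stale padding bytes out of the file */
  for (int k = 0; k < 4; k++) {
    out[k].c = (char)('a' + k);
    out[k].i = k;
  }
  if (fwrite(out, sizeof(out[0]), 4, f) == 4) {
    rewind(f);
    if (checked_fread(in, sizeof(in), sizeof(in[0]), 4, f) == 0 && in[3].i == 3) {
      /* A request for 5 elements would overrun in[4] and must be refused. */
      rc = (checked_fread(in, sizeof(in), sizeof(in[0]), 5, f) == -1) ? 0 : 2;
    }
  }
  fclose(f);
  return rc;                      /* 0 = valid read worked, oversized one refused */
}

int main(void) { return round_trip(); }
```

Passing `sizeof(in)` at the call site only works while `in` is a true array; once it has decayed to a pointer, the byte capacity has to be carried alongside it.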
...
[ISO/IEC TS 17961] | Programming Languages, Their Environments and System Software Interfaces |
...