...

When part of the operand of the sizeof operator is a VLA type and when changing the value of the VLA's size expression would not affect the result of the operator, it is unspecified whether or not the size expression is evaluated. See unspecified behavior 22 in Annex J, subclause J.1, of the C Standard [ISO/IEC 9899:2011].

Providing an expression that appears to produce side effects may be misleading to programmers who are not aware that these expressions are not evaluated in the non-VLA case and have unspecified results otherwise. As a result, programmers may make invalid assumptions about program state, leading to errors and possible software vulnerabilities.

...

```c
#include <stddef.h>

void f(size_t n) {
  size_t a = sizeof(int [++n]);           /* n must be incremented. */
  size_t b = sizeof(int [++n % 1 + 1]);   /* n need not be incremented. */
  /* ... */
}
```
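The following added example (not part of the original page) contrasts the non-VLA case, where the operand of sizeof is never evaluated, with a VLA sizing written so that no side effect depends on sizeof. The helper `next_len`, the counter `calls`, and the sample value are hypothetical names and data constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

static int calls;   /* number of times next_len() has actually run */

/* Hypothetical helper whose side effect (the counter) is observable. */
static size_t next_len(size_t n) {
  ++calls;
  return n + 1;
}

/* Non-VLA operand: sizeof needs only the type of the call expression,
   so next_len() is never invoked. Returns the number of calls made. */
int calls_made_by_plain_sizeof(void) {
  calls = 0;
  size_t unused = sizeof(next_len(3));
  (void)unused;
  return calls;
}

/* VLA case written without relying on sizeof to evaluate anything:
   the update happens in its own statement, and the size expression
   handed to sizeof is a plain variable with no side effects. */
size_t bump_then_size(size_t *n) {
  *n = next_len(*n);
  size_t len = *n;
  return sizeof(int[len]);
}

int main(void) {
  size_t n = 4;                               /* constructed sample value */
  printf("calls inside sizeof: %d\n", calls_made_by_plain_sizeof());
  size_t bytes = bump_then_size(&n);
  printf("n = %zu, bytes = %zu\n", n, bytes);
  return 0;
}
```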


...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP06-C | Low | Unlikely | Low | P3 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | | | |
| ECLAIR | | CC2.EXP06 | Fully implemented |
| LDRA tool suite | | 54 S | Fully implemented |
| PRQA QA-C | | 3307 | Fully implemented |

...