...
```c
{ /* block scope */
  char vla[size];
}
```
where the integer expression `size` and the declaration of `vla` are both evaluated at runtime. If the size argument supplied to a variable-length array is not a positive integer value, the behavior is undefined. (See undefined behavior 69 in Annex J of C99.) In addition, if the magnitude of the argument is excessive, the program may behave in an unexpected way. An attacker may be able to leverage this behavior to overwrite critical program data [Griffiths 2006]. The programmer must ensure that size arguments to variable-length arrays are valid and have not been corrupted as the result of an exceptional integer condition.
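The following is an added example, not code from the original rule page, showing one way to validate a size before it reaches a variable-length array declaration. The 4-byte record header, the `MAX_VLA_BYTES` limit, and the function names `checked_vla_bytes` and `sum_payload` are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

#define HDR_LEN       4u    /* constructed record format: 4-byte header */
#define MAX_VLA_BYTES 512u  /* assumed stack budget, not from the rule text */

/* Turn an untrusted signed element count into a VLA byte size.
 * Returns 1 and stores the size in *out, or 0 if the size is invalid. */
int checked_vla_bytes(long count, size_t elem_size, size_t *out)
{
    if (count <= 0 || elem_size == 0)
        return 0;  /* zero or negative size: undefined behavior */
    if ((unsigned long)count > MAX_VLA_BYTES / elem_size)
        return 0;  /* excessive size, or count * elem_size would wrap */
    *out = (size_t)count * elem_size;
    return 1;
}

/* Sum the payload bytes of a record, using a VLA as scratch space.
 * Returns -1 if the record would produce an invalid VLA size. */
long sum_payload(const unsigned char *rec, size_t rec_len)
{
    /* Check before subtracting: if rec_len < HDR_LEN, the unsigned
     * subtraction wraps to a huge value (exceptional integer condition). */
    if (rec == NULL || rec_len <= HDR_LEN)
        return -1;
    size_t size = rec_len - HDR_LEN;
    if (size > MAX_VLA_BYTES)
        return -1;  /* excessive magnitude */
    {   /* block scope: size is known to be in 1..MAX_VLA_BYTES here */
        unsigned char vla[size];
        long sum = 0;
        memcpy(vla, rec + HDR_LEN, size);
        for (size_t i = 0; i < size; i++)
            sum += vla[i];
        return sum;
    }
}
```
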
Noncompliant Code Example
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR32-C | high | probable | high | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
...
ISO/IEC TR 24772 "XYX Boundary Beginning Violation" and "XYZ Unchecked Array Indexing"
Bibliography
...
[Griffiths 2006]
...