The C standard allows an array to be declared with both an explicit dimension bound and an initialization literal. The initialization literal also implies a dimension bound: the number of elements it specifies.
...
C99 also dictates how array initialization is handled when the number of initialization elements does not equal the explicit array dimension bound. C99 Section 6.7.8, "Initialization", paragraph 21, states:
...
Note that this recommendation does not apply to character arrays initialized with string literals; see STR36-C, "Do not specify the dimension of a character array initialized with a string literal," for more information.
Non-Compliant Code Example (Incorrect Size)
This non-compliant code example initializes an array of integers with an initializer that contains more elements than the declared bound allows.
...
The size of the array a is three, although the initializer supplies four elements. This is a constraint violation (C99 Section 6.7.8, paragraph 2: no initializer may provide a value for an object not contained within the entity being initialized), so a conforming compiler must issue a diagnostic. What happens after the diagnostic is up to the implementation: some compilers continue translation and discard the excess element (4), others reject the translation unit.
Implementation Details
This non-compliant code example generates a warning in gcc. Microsoft Visual Studio 2008 generates a fatal diagnostic: error C2078: too many initializers.
Non-Compliant Code Example (Implicit Size)
In this example, the array bound is not written out, so the compiler derives it from the initializer and allocates an array of four integer elements. Nothing ties that bound to the rest of the program: if an element is later added to or removed from the initializer, the array bound silently changes with it, and code that assumed four elements (a hard-coded loop bound, for instance) produces unexpected results.
```c
int a[] = {1, 2, 3, 4};  /* bound (4) is implied by the initializer only */
```
Compliant Solution
This compliant solution explicitly specifies the array dimension bound.
```c
int a[4] = {1, 2, 3, 4};  /* explicit bound matches the initializer */
```
Explicitly specifying the array dimension bound, even though it is already implied by the initializer, allows a compiler or other static analysis tool to issue a diagnostic if the two values do not agree.
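The following program, added here as an illustration and not part of the original CERT page, puts the two non-compliant patterns and the compliant one side by side. It assumes a constructed scenario in which the rest of the program expects a lookup table of exactly four entries (the TABLE_LEN constant, ARRAY_SIZE macro and sum_first function are all hypothetical names chosen for this example): the implicitly bounded table has lost an element during an edit and nothing flagged it, while the explicitly bounded table is checked against TABLE_LEN at compile time.

```c
#include <stddef.h>
#include <stdio.h>

/* Element-count idiom; valid only on a true array object, not a pointer
   (see ARR01-A). */
#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed assumption for this example: the rest of the program expects
   both tables to hold exactly TABLE_LEN entries. */
#define TABLE_LEN 4

/* Implicit bound (the pattern ARR02-A discourages): the bound is whatever the
   initializer happens to contain. One entry was dropped during an edit, and
   the compiler had nothing to compare the initializer against, so it said
   nothing. */
static const int implicit_tab[] = {1, 2, 3};

/* Explicit bound (compliant): the bound is written out. Adding a fifth
   initializer here is a constraint violation (C99 6.7.8, paragraph 2) that a
   conforming compiler must diagnose; dropping one leaves a zero-initialized
   trailing element rather than a shorter array. */
static const int explicit_tab[TABLE_LEN] = {1, 2, 3, 4};

/* Compile-time check that the explicit table really has TABLE_LEN entries:
   the array type gets a negative size, and translation fails, if it does not.
   (Pre-C11 idiom; C11 code would use _Static_assert.) */
typedef char explicit_tab_has_table_len[(ARRAY_SIZE(explicit_tab) == TABLE_LEN) ? 1 : -1];

size_t implicit_tab_len(void) { return ARRAY_SIZE(implicit_tab); }
size_t explicit_tab_len(void) { return ARRAY_SIZE(explicit_tab); }

/* Sum the first `want` entries of a table that actually holds `have` entries.
   Returns -1 instead of reading past the end when the caller's assumed length
   exceeds the real one: this is the run-time guard for a bound that only the
   initializer knows. */
long sum_first(const int *tab, size_t have, size_t want) {
    if (want > have) {
        return -1;
    }
    long total = 0;
    for (size_t i = 0; i < want; i++) {
        total += tab[i];
    }
    return total;
}

int main(void) {
    /* Code written against TABLE_LEN gets the wrong size from implicit_tab;
       the guard reports it instead of over-reading the array. */
    printf("implicit_tab: %zu elements, sum of first %d = %ld\n",
           implicit_tab_len(), TABLE_LEN,
           sum_first(implicit_tab, implicit_tab_len(), TABLE_LEN));
    printf("explicit_tab: %zu elements, sum of first %d = %ld\n",
           explicit_tab_len(), TABLE_LEN,
           sum_first(explicit_tab, explicit_tab_len(), TABLE_LEN));
    return 0;
}
```

Changing the initializer of explicit_tab to five elements makes the compiler reject the file; changing it to three elements is caught by neither the compiler nor the typedef check (the bound is still 4), which is why the run-time guard in sum_first takes the real length rather than trusting TABLE_LEN.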
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR02-A | medium | unlikely | low | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
References
[ISO/IEC 9899:1999] Section 6.7.8, "Initialization"
...