Variable-length arrays (VLA) are essentially the same as traditional C arrays, except that they are declared with a size that is not a constant integer expression , and may can be declared only at block scope or function prototype scope and no linkage. A variable-length array can be declared
...
In this noncompliant code example, a variable-length array of size size is declared. The size is declared as size_t in compliance with guideline recommendation INT01-C. Use rsize_t or size_t for all integer values representing the size of an object.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
ISO/IEC TR 24772 "XYX Boundary Beginning Violation" and "XYZ Unchecked Array Indexing"
Bibliography
| Wiki Markup |
|---|
\[[Griffiths 2006|AA. Bibliography#Griffiths 06]\] \[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "XYX Boundary Beginning Violation" and "XYZ Unchecked Array Indexing" |
...
ARR31-C. Use consistent array notation across all source files 06. Arrays (ARR) ARR33-C. Guarantee that copies are made into storage of sufficient size