The sizeof operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type. When the type of the operand is a variable-length array type (VLA) the expression is evaluated; otherwise, the operand is not evaluated.
...
In the following noncompliant code example, the expression ++n in the initialization expression of a must be evaluated since its value affects the size of the variable length array operand of the sizeof operator. However, since the expression ++n % 1 evaluates to 0, regardless of the value of n, its value does not affect the result of the sizeof operator, and, thus, it is unspecified whether n is incremented or not.
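The cases described above, written out as an added example (not the page's own code listing). The function names, the result struct, the input value 3 and the + 1 that keeps the array length nonzero are assumptions made for illustration; the last function shows the side effect moved out of the sizeof operand.

```c
#include <stddef.h>
#include <stdio.h>

/* Size reported by sizeof, and the value of n afterwards. */
struct result { size_t size; size_t n; };

/* Operand is not a VLA type: it is not evaluated, so n++ never runs. */
struct result plain_operand(size_t n) {
    struct result r;
    r.size = sizeof(n++);
    r.n = n;
    return r;
}

/* Operand is a VLA type whose size depends on ++n: it is evaluated. */
struct result vla_operand(size_t n) {
    struct result r;
    r.size = sizeof(int[++n]);
    r.n = n;
    return r;
}

/* ++n % 1 is always 0 (the + 1 keeps the length nonzero), so the size
   is sizeof(int) and it is unspecified whether n is incremented. */
struct result vla_unspecified(size_t n) {
    struct result r;
    r.size = sizeof(int[++n % 1 + 1]);
    r.n = n;
    return r;
}

/* Side effect moved out of the operand: n is always incremented. */
struct result vla_hoisted(size_t n) {
    struct result r;
    ++n;
    r.size = sizeof(int[n]);
    r.n = n;
    return r;
}

int main(void) {
    struct result r[4] = { plain_operand(3), vla_operand(3),
                           vla_unspecified(3), vla_hoisted(3) };
    for (int i = 0; i < 4; i++)
        printf("size=%zu n=%zu\n", r[i].size, r[i].n);
    return 0;
}
```

Only the third function's final n can differ between implementations; the other three results are fixed by the evaluation rule stated above.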
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: EXP06-CPP. Operands to the sizeof operator should not contain side effects
...
[ISO/IEC 9899:1999] Section 6.5.3.4, "The sizeof operator"
Bibliography
...