...
The storage for this object is either static (if the compound literal occurs at file scope) or automatic (if the compound literal occurs at block scope), and the storage duration is associated with its immediate enclosing block [ISO/IEC 9899:2011]. For example, in the function
...
Note that only one object is created per compound literal—even if the compound literal appears in a loop and has dynamic initializers [ISO/IEC 9899:2011].
This recommendation is a specific instance of DCL30-C. Declare objects with appropriate storage durations.
Noncompliant Code Example
In this noncompliant code example, the programmer mistakenly assumes that the elements of `ints`, an array of pointers to `int_struct`, are assigned the addresses of distinct `int_struct` objects, one for each integer in the range [0, MAX_INTS-1]:
...
Because the storage duration of the compound literal is associated with the `for` loop that contains it, dereferencing the pointers stored in `ints` in the second loop results in undefined behavior 9 (Annex J of the C Standard). Even if the region of memory that contained the compound literal is not written to between the loops, the print loop will display the value MAX_INTS-1 for MAX_INTS lines. This is contrary to the intuitively expected result, which is that the integers 0 through MAX_INTS-1 would be printed in order.
Compliant Solution
This compliant solution uses an array of structures rather than an array of pointers. That way, an actual copy of each `int_struct` (rather than a pointer to the object) is stored.
```c
#include <stdio.h>

typedef struct int_struct {
  int x;
} int_struct;

#define MAX_INTS 10

int main(void) {
  size_t i;
  int_struct ints[MAX_INTS];   /* array of structures, not of pointers */

  for (i = 0; i < MAX_INTS; i++) {
    ints[i] = (int_struct){i};   /* the compound literal's value is copied */
  }

  for (i = 0; i < MAX_INTS; i++) {
    printf("%d\n", ints[i].x);
  }
}
```
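The following is an added example, not code from the CERT page, that puts the storage-duration rule into checkable functions. `fill_by_value` is the page's compliant approach (copy each compound literal into an array of structures); `fill_by_alloc` goes one step further and keeps an array of pointers by giving each element its own allocated object, so the pointers outlive the loop body; `DEFAULT_VALUE` shows that a compound literal at file scope has static storage duration and may therefore be pointed to from anywhere. All function and variable names are assumptions of this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct int_struct {
  int x;
} int_struct;

#define MAX_INTS 10

/* Compliant: store a copy of each compound literal. The literal's
 * storage ends with the loop body, but out[i] belongs to the caller. */
void fill_by_value(int_struct *out, size_t n) {
  for (size_t i = 0; i < n; i++) {
    out[i] = (int_struct){(int)i};   /* copy of the value, not its address */
  }
}

/* Also compliant: keep an array of pointers, but point each element at
 * its own allocated object (allocated storage duration), not at the
 * block-scope compound literal. Returns 0 on success, -1 on failure. */
int fill_by_alloc(int_struct **out, size_t n) {
  for (size_t i = 0; i < n; i++) {
    out[i] = malloc(sizeof *out[i]);
    if (out[i] == NULL) {
      for (size_t j = 0; j < i; j++) {
        free(out[j]);
      }
      return -1;
    }
    *out[i] = (int_struct){(int)i};  /* copy the literal into the heap object */
  }
  return 0;
}

void free_all(int_struct **arr, size_t n) {
  for (size_t i = 0; i < n; i++) {
    free(arr[i]);
    arr[i] = NULL;
  }
}

/* A compound literal at file scope has static storage duration, so its
 * address is a constant that can be stored and handed out safely. */
static const int_struct *const DEFAULT_VALUE = &(const int_struct){42};

const int_struct *get_default(void) {
  return DEFAULT_VALUE;
}

int sum_values(const int_struct *arr, size_t n) {
  int total = 0;
  for (size_t i = 0; i < n; i++) {
    total += arr[i].x;
  }
  return total;
}

int sum_pointers(int_struct *const *arr, size_t n) {
  int total = 0;
  for (size_t i = 0; i < n; i++) {
    total += arr[i]->x;
  }
  return total;
}

int main(void) {
  int_struct vals[MAX_INTS];
  int_struct *ptrs[MAX_INTS];

  fill_by_value(vals, MAX_INTS);
  printf("by value: sum = %d\n", sum_values(vals, MAX_INTS));

  if (fill_by_alloc(ptrs, MAX_INTS) == 0) {
    printf("by alloc: sum = %d\n", sum_pointers(ptrs, MAX_INTS));
    free_all(ptrs, MAX_INTS);
  }

  printf("default: %d\n", get_default()->x);
  return 0;
}
```

The noncompliant pattern is deliberately absent: storing `&(int_struct){i}` from inside the loop body and reading it afterwards is the undefined behavior the page describes, so there is nothing well-defined to check. Both compliant variants keep every pointer or copy tied to storage that is still alive when it is read.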
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
DCL21-C | low | unlikely | medium | P2 | L3 |
...