...
The BSD extension function alloca() behaves in a similar fashion to variable-length arrays; its use is not recommended [Loosemore 2007].
Compliant Solution
This compliant solution replaces the variable-length array with a call to malloc(). If malloc() fails, the return value can be checked to prevent the program from terminating abnormally.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| STACK_USE | Can help detect single stack allocations that are dangerously large, although it will not detect excessive stack use resulting from recursion. | |||||||
| PRQA QA·C |
| Partially implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
ISO/IEC 9899:2011 Section 6.7.6.2, "Array declarators," and Section 7.22.3, "Memory management functions"
ISO/IEC TR 24772 "GDL Recursion"
MISRA 2004 Rule 16.2
Bibliography
[Loosemore 2007] Section 3.2.5, "Automatic storage with variable sze"
[Seacord 2005a] Chapter 4, "Dynamic Memory Management"
[van Sprundel 2006] "Stack overflow"
...