Variable-length arrays are essentially the same as traditional C arrays, the major difference being that they are declared with a size that is not a constant integer expression. A variable-length array can be declared as follows:

...

However, it is unclear whether the value of s is a valid size argument. Depending on how variable-length arrays are implemented, the size may be interpreted as a negative value or a very large positive value. In either case, a security vulnerability may occur. For example, for GCC 4.2.2 on the Debian GNU/Linux Intel 32-bit platform, the value of a variable-length array's size is interpreted as a 32-bit signed integer. Passing in a negative number for the size will likely cause the program stack to become corrupted, and passing in a large positive number may cause a terminal stack overflow. It is important to note that this information may become outdated as GCC evolves.

Compliant Code Solution

This compliant solution ensures the size argument s used to allocate vla is in a valid range (between 1 and a programmer-defined maximum).

...
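A self-contained illustration of this range check, added here as example code rather than the standard's own compliant solution; the names MAX_VLA_ELEMS, vla_size_is_valid, sum_with_vla and sum_from_int, and the limit of 1024 elements, are assumptions chosen for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed programmer-defined maximum for this example; a real program
 * would derive it from its own stack budget and element size. */
enum { MAX_VLA_ELEMS = 1024 };

/* Returns 1 if s is a usable element count (1..MAX_VLA_ELEMS), else 0.
 * A negative int that was converted to size_t arrives here as a huge
 * value and is rejected by the upper bound. */
int vla_size_is_valid(size_t s) {
    return s >= 1 && s <= MAX_VLA_ELEMS;
}

/* Declares the VLA only after the check passes: the size expression is
 * evaluated at the point of declaration, so the check must come first.
 * Fills the array with 0..s-1 and returns the sum, or -1 on rejection. */
long sum_with_vla(size_t s) {
    if (!vla_size_is_valid(s)) {
        return -1; /* would corrupt the stack or exhaust it */
    }
    int vla[s];
    long total = 0;
    for (size_t i = 0; i < s; ++i) {
        vla[i] = (int)i;
        total += vla[i];
    }
    return total;
}

/* Entry point for callers that hold a signed count, as in the text:
 * reject negatives explicitly before the unsigned conversion. */
long sum_from_int(int n) {
    if (n < 0) {
        return -1;
    }
    return sum_with_vla((size_t)n);
}

int main(void) {
    printf("sum_from_int(10) = %ld\n", sum_from_int(10));   /* 45 */
    printf("sum_from_int(-1) = %ld\n", sum_from_int(-1));   /* -1 */
    printf("sum_with_vla(2048) = %ld\n", sum_with_vla(2048)); /* -1 */
    return 0;
}
```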