...
This approach may be the only alternative for compilers that do not yet implement the C syntax. Microsoft Visual Studio 2005 does not implement the C syntax.
Compliant Solution
This compliant solution uses the flexible array member to achieve a dynamically sized structure.
...
This compliant solution allows the structure to be treated as if it had declared the member data[] to be data[array_size] in a manner that conforms to the C Standard. Note that Microsoft Visual Studio implements support for flexible array members, but some versions (such as MSVC 11) warn that this is a non-standard extension.
Risk Assessment
Failing to use the correct syntax can result in undefined behavior, although the incorrect syntax will work on most implementations.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
| [ISO/IEC 9899:2011] | Section 6.7.2.1, "Structure and Union Specifiers" |
| [McCluskey 2001] | "Flexible Array Members and Designators in C9X" |