...
- The incomplete array type must be the last element within the structure.
- There cannot be an array of structures that contain flexible array members.
- Structures that contain a flexible array member cannot be used as a member in the middle of another structure.
- The
sizeofoperator cannot be applied to a flexible array.
Automated Detection
Compass/ROSE can detect some violations of this rule. In particular, it warns if the last element of a struct is an array with a small index (0 or 1).
Risk Assessment
Failing to use the correct syntax can result in undefined behavior, although the incorrect syntax will work on most implementations.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MEM33-C | low | unlikely | low | P3 | L3 |
Automated Detection
Compass/ROSE can detect some violations of this rule. In particular, it warns if the last element of a struct is an array with a small index (0 or 1).
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...