...
where the integer expression size and the declaration of vla are both evaluated at runtime. If the size argument supplied to a variable length array is not a positive integer value, the behavior is undefined. (See undefined behavior 7572.) Additionally, if the magnitude of the argument is excessive, the program may behave in an unexpected way. An attacker may be able to leverage this behavior to overwrite critical program data [Griffiths 2006]. The programmer must ensure that size arguments to variable length arrays, especially those derived from untrusted data, are in a valid range.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| ALLOC.SIZE.IOFLOW | Integer Overflow of Allocation Size | ||||||
| Coverity |
| REVERSE_NEGATIVE | Fully implemented | ||||||
| Cppcheck |
| negativeArraySizepremium-cert-arr32-c | Context sensitive analysis | ||||||
| Cppcheck Premium |
| negativeArraySize premium-cert-arr32-c | Context sensitive analysis Will warn only if given size is negative | ||||||
| Helix QAC |
| C1051 | |||||||
| Klocwork |
| MISRA.ARRAY.VAR_LENGTH.2012 | |||||||
| LDRA tool suite |
| 621 S | Enhanced enforcement | ||||||
| Parasoft C/C++test |
| CERT_C-ARR32-a | Ensure the size of the variable length array is in valid range | ||||||
| PC-lint Plus |
| 9035 | Assistance provided | ||||||
| Polyspace Bug Finder |
| Checks for:
Rule fully covered. | |||||||
| TrustInSoft Analyzer |
| alloca_bounds | Exhaustively verified. |
...