...
This compliant solution eliminates the NULL return and simply returns the item array, even if it is zero-length. The main function can effectively handle this situation without exhibiting erroneous behavior. Since the array lives on the stack, it must prevent returning a value in the stack frame (as mandated by DCL30-C. Declare objects with appropriate storage durations). So the getStack() function also takes a pointer to Inventory, so that it can return a pointer to its contents safely.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdio.h>
enum { INV_SIZE=20 };
typedef struct {
size_t stockOfItem[INV_SIZE];
size_t length;
} Inventory;
size_t *getStock(Inventory* iv);
int main(void) {
Inventory iv;
size_t i;
size_t *item;
iv.length = 0;
/*
* Other code that might modify the inventory but still
* leave no items in it upon completion.
*/
item = getStock(&iv);
if (iv.length != 0) {
printf("Stock of first item in inventory: %zd\n", item[0]);
}
return 0;
}
size_t *getStock(Inventory* iv) {
return iv.stockOfItem->stockOfItem;
}
|
Noncompliant Code Example (Sentinel Value)
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Parasoft C/C++test |
| CERT_C-MSC19-a | Avoid accessing arrays out of bounds | ||||||
| PC-lint Plus |
| 413, 418, 419, 420, 473, | Partially supported |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...