...

Note that this recommendation does not apply (in all cases) to character arrays initialized with string literals. See STR11-C. Do not specify the bound of a character array initialized with a string literal for more information.

Noncompliant Code Example (Incorrect Size)

...

Explicitly specifying the array bound, although it is implicitly defined by an initializer, allows a compiler or other static analysis tool to issue a diagnostic if these values do not agree.
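The following added example (not part of the original guideline; the enum and table names are hypothetical) contrasts an explicit bound with an implicit one. It also goes one step past the text: an initializer list shorter than the explicit bound draws no diagnostic, and the missing slots are zero-initialized, so the lookup checks for a null entry.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names, chosen for this illustration only. */
enum level { LVL_DEBUG, LVL_INFO, LVL_WARN, LVL_ERROR, LVL_COUNT };

#define ELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* Explicit bound tied to the enum. A list with more than LVL_COUNT
   initializers is a constraint violation the compiler must diagnose. */
static const char *const level_name[LVL_COUNT] = {
    "debug", "info", "warn"          /* "error" deliberately left out */
};

/* Implicit bound: the array silently takes the size of the list (3),
   so indexing it with LVL_ERROR would read out of bounds. */
static const char *const level_name_implicit[] = {
    "debug", "info", "warn"
};

_Static_assert(ELEMS(level_name) == LVL_COUNT, "bound must track the enum");

size_t explicit_elems(void) { return ELEMS(level_name); }
size_t implicit_elems(void) { return ELEMS(level_name_implicit); }

/* A short list under an explicit bound leaves the remaining elements
   as null pointers, so check both the index and the slot. */
const char *level_to_string(int lvl)
{
    if (lvl < 0 || lvl >= LVL_COUNT || level_name[lvl] == NULL) {
        return "unknown";
    }
    return level_name[lvl];
}

int main(void)
{
    printf("explicit: %zu elements, implicit: %zu elements\n",
           explicit_elems(), implicit_elems());
    for (int lvl = 0; lvl < LVL_COUNT; lvl++) {
        printf("%d -> %s\n", lvl, level_to_string(lvl));
    }
    return strcmp(level_to_string(LVL_ERROR), "unknown") != 0;
}
```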

Exceptions

ARR02-C-EX1: STR11-C. Do not specify the bound of a character array initialized with a string literal is a specific exception to this recommendation; it requires that the bound of a character array initialized with a string literal be unspecified.

Risk Assessment

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ARR02-C | Medium | Unlikely | Low | P6 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | array-size-global | Partially checked |
| Axivion Bauhaus Suite | | CertC-ARR02 | Fully implemented |
| Compass/ROSE | | | |
| ECLAIR | | CC2.ARR02 | Fully implemented |
| Helix QAC | | C0678, C0688, C3674, C3684 | |
| LDRA tool suite | | 127 S, 397 S, 404 S | Partially implemented |
| PRQA QA-C | | 0684 (C), 0686, 0687, 0688, 3674, 3684 | Fully implemented |
| Parasoft C/C++test | | CERT_C-ARR02-a | Explicitly specify array bounds in array declarations with initializers |
| PC-lint Plus | | 576 | Partially supported |
| Polyspace Bug Finder | | CERT C: Rec. ARR02-C | Checks for improper array initialization (rec, partially covered). |
| PVS-Studio | | V798 | |
| RuleChecker | | array-size-global | Partially checked |
| SonarQube C/C++ Plugin | | S834 | Fully implemented |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C++ Secure Coding Standard | CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer | |
| MITRE CWE | | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-665, Incorrect or incomplete initialization | Prior to 2018-01-12: CERT: |
| MISRA C:2012 | Rule 8.11 (advisory) | Prior to 2018-01-12: CERT: Unspecified Relationship |
| MISRA C:2012 | Rule 9.5 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |

Bibliography

[ISO/IEC 9899:2011] Subclause 6.7.9, "Initialization"

...

