...
Explicitly specifying the array bound, although it is implicitly defined by an initializer, allows a compiler or other static analysis tool to issue a diagnostic if these values do not agree.
Exceptions
ARR02-C-EX1: STR11-C. Do not specify the bound of a character array initialized with a string literal is a specific exception to this recommendation; it requires that the bound of a character array initialized with a string literal is unspecified.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR02-C | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| array-size-global | Partially checked | ||||||
Axivion Bauhaus Suite |
| CertC-ARR02 | Fully implemented | ||||||
Compass/ROSE |
| CC2.ARR02 | Fully implemented | |||||||
Helix QAC |
| C0678, C0688, C3674, C3684 | |||||||
LDRA tool suite |
| 127 S | Fully implemented | ||||||
Parasoft C/C++test |
| CERT_C-ARR02-a | Explicitly specify array bounds in array declarations with initializers | ||||||
PC-lint Plus |
|
Partially implemented
0688,3674,3684, 678
| 576 | Partially supported | |||||||
Polyspace Bug Finder |
| Checks for improper array initialization (rec, partially covered). | |||||||
PVS-Studio |
| V798 | |||||||
RuleChecker |
| array-size-global | Partially checked | ||||||
SonarQube C/C++ Plugin |
| S834 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|---|---|
CERT C |
CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer |
Prior to 2018-01-12: CERT: Unspecified Relationship | ||
CWE 2.11 | CWE-665, Incorrect or incomplete initialization | Prior to 2018-01-12: CERT: |
MISRA C:2012 | Rule 8.11 (advisory) |
Prior to 2018-01-12: CERT: Unspecified Relationship | ||
MISRA C:2012 | Rule 9.5 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
[ISO/IEC 9899:2011] | Subclause 6.7.9, "Initialization" |
...
...