...
The size implied by an initialization literal is usually specified by the number of elements,

```c
int array[] = {1, 2, 3}; /* 3-element array */
```
but it is also possible to use designators to initialize array elements in a noncontiguous fashion. Subclause 6.7.9, Example 12, of the C Standard [ISO/IEC 9899:2011] states:

Space can be "allocated" from both ends of an array by using a single designator:

```c
int a[MAX] = { 1, 3, 5, 7, 9, [MAX-5] = 8, 6, 4, 2, 0 };
```

In the above, if `MAX` is greater than ten, there will be some zero-valued elements in the middle; if it is less than ten, some of the values provided by the first five initializers will be overridden by the second five.
...
```c
int a[3] = {1, 2, 3, 4};
```

The size of the array `a` is 3, although the size of the initialization is 4. The last element of the initialization (4) is ignored. Most compilers will diagnose this error.
...
```c
int a[] = {1, 2, 3, 4};
```
Compliant Solution
This compliant solution explicitly specifies the array bound:
```c
int a[4] = {1, 2, 3, 4};
```
Explicitly specifying the array bound, although it is implicitly defined by an initializer, allows a compiler or other static analysis tool to issue a diagnostic if these values do not agree.
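As an added example (not code from the CERT page), the designator quote from subclause 6.7.9 above and the compliant solution are spelled out together: the `MAX` initializer with a concrete bound above ten and one below ten, and the explicit-bound form extended with a compile-time check that the bound and the initializer count agree. `ELEMS`, `MAX_LARGE`, `MAX_SMALL`, `INIT_A` and the `*_at` accessors are constructed names.

```c
#include <stddef.h>
#include <stdio.h>

/* Added example, not code from the CERT page. ELEMS, MAX_LARGE, MAX_SMALL,
 * INIT_A and the *_at accessors are constructed names for this example. */
#define ELEMS(a) (sizeof(a) / sizeof((a)[0]))

/* The designator initializer from C11 6.7.9 Example 12 with MAX greater than
 * ten: no initializer names elements [5] and [6], so they are implicitly 0. */
#define MAX_LARGE 12
static const int a_large[MAX_LARGE] =
    { 1, 3, 5, 7, 9, [MAX_LARGE - 5] = 8, 6, 4, 2, 0 };

/* The same initializer with MAX less than ten: [MAX_SMALL - 5] is [3], so the
 * second run overrides the 7 and 9 that the first run stored at [3] and [4]. */
#define MAX_SMALL 8
static const int a_small[MAX_SMALL] =
    { 1, 3, 5, 7, 9, [MAX_SMALL - 5] = 8, 6, 4, 2, 0 };

/* Compliant form. An explicit bound makes excess initializers a constraint
 * violation the compiler must diagnose, but too few initializers are still
 * silently zero-filled; the static assertion closes that gap by counting the
 * initializer list through a compound literal. */
#define INIT_A 1, 2, 3, 4
static const int a_explicit[4] = { INIT_A };
_Static_assert(ELEMS(a_explicit) == ELEMS((const int[]){ INIT_A }),
               "bound of a_explicit does not match its initializer count");

/* Accessors: element i of each array, or -1 when i is out of range. */
int large_at(size_t i) { return i < ELEMS(a_large) ? a_large[i] : -1; }
int small_at(size_t i) { return i < ELEMS(a_small) ? a_small[i] : -1; }
int explicit_at(size_t i) { return i < ELEMS(a_explicit) ? a_explicit[i] : -1; }

static void dump(const char *name, const int *a, size_t n) {
    printf("%s:", name);
    for (size_t i = 0; i < n; i++) printf(" %d", a[i]);
    printf("\n");
}

int main(void) {
    dump("MAX = 12", a_large, ELEMS(a_large));  /* 1 3 5 7 9 0 0 8 6 4 2 0 */
    dump("MAX = 8 ", a_small, ELEMS(a_small));  /* 1 3 5 8 6 4 2 0 */
    return 0;
}
```

Changing `INIT_A` to five values without touching the bound, or the bound to 3, makes the build fail at the `_Static_assert` instead of producing an array that silently differs from its initializer.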
Exceptions
ARR02-C-EX1: STR11-C. Do not specify the bound of a character array initialized with a string literal is a specific exception to this recommendation; it requires that the bound of a character array initialized with a string literal be left unspecified.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR02-C | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description
---|---|---|---
Astrée | | array-size-global | Partially checked
Axivion Bauhaus Suite | | CertC-ARR02 | Fully implemented
Compass/ROSE | | CC2.ARR02 | Fully implemented
Helix QAC | | C0678, C0688, C3674, C3684 |
LDRA tool suite | | 127 S | Fully implemented
Parasoft C/C++test | | CERT_C-ARR02-a | Explicitly specify array bounds in array declarations with initializers
PC-lint Plus | | 576 | Partially supported
Polyspace Bug Finder | | | Checks for improper array initialization (rec, partially covered).
PVS-Studio | | V798 |
RuleChecker | | array-size-global | Partially checked
SonarQube C/C++ Plugin | | S834 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship
---|---|---
CERT C | CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer | Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11 | CWE-665, Incorrect or incomplete initialization | Prior to 2018-01-12: CERT:
MISRA C:2012 | Rule 8.11 (advisory) | Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012 | Rule 9.5 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship
Bibliography
...
...