...
ARR02-C-EX1: STR11-C. Do not specify the bound of a character array initialized with a string literal is a specific exception to this recommendation; it requires that the bound of a character array initialized with a string literal is unspecified.
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ARR02-C | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|
| Astrée |
| array-size-global | Partially checked | ||||||
| Axivion Bauhaus Suite |
|
|
|
| CertC-ARR02 | Fully implemented |
| Compass/ROSE |
| CC2.ARR02 | Fully implemented | |||||||
| Helix QAC |
| C0678, C0688, C3674, C3684 | |||||||
| LDRA tool suite |
| 127 S | Fully implemented | ||||||
| Parasoft C/C++test |
| CERT_C-ARR02-a | Explicitly specify array bounds in array declarations with initializers | ||||||
| PC-lint Plus |
| 576 | Partially supported | ||||||
| Polyspace Bug Finder |
|
Incorrect array initialization when using initializers
0688,3674,3684, 678
| Checks for improper array initialization (rec, partially covered). | ||||||||
| PVS-Studio |
| V798 | |||||||
| RuleChecker |
| array-size-global | Partially checked | ||||||
| SonarQube C/C++ Plugin |
| S834 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C |
| CTR02-CPP. Explicitly specify array bounds, even if implicitly defined by an initializer |
| Prior to 2018-01-12: CERT: Unspecified Relationship | ||
| CWE 2.11 | CWE-665, Incorrect or incomplete initialization | Prior to 2018-01-12: CERT: |
| MISRA C:2012 | Rule 8.11 (advisory) | Prior to 2018-01-12: CERT: Unspecified Relationship |
| MISRA C:2012 | Rule 9.5 (required) | Prior to 2018-01-12: CERT: Unspecified Relationship |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 6.7.9, "Initialization" |
...
...