The sizeof
operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type. If the type of the operand is not a variable length array type, the operand is not evaluated.
Providing an expression that appears to produce side effects may be misleading to programmers who are not aware that these expressions are not evaluated. As a result, programmers may make invalid assumptions about program state, leading to errors and possible software vulnerabilities.
Risk Assessment
If expressions that appear to produce side effects are supplied to the sizeof
operator, the returned result may be different than expected. Depending on how this result is used, this could lead to unintended program behavior.
Recommendation |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
EXP06-A |
1 (low) |
1 (unlikely) |
3 (low) |
P3 |
L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 6.5.3.4, "The sizeof operator"
EXP05-A. Do not cast away a const qualification 03. Expressions (EXP) EXP07-A. Do not diminish the benefits of constants by assuming their values in expressions