MISRAC2012-Dir-4.14_f
Synopsis
(Required) The validity of values received from external sources shall be checked.
Enabled by default
Yes
Severity/Certainty
Medium/Medium

Full description
A user-controlled variable is used as an offset to a pointer without proper bounds checking.
Coding standards
- MISRA C:2012 Dir-4.14
(Required) The validity of values received from external sources shall be checked
Code examples
The following code example fails the check and will give a warning:
#include <stdio.h>
#include <stdlib.h>
void example(int *p) {
    int a = atoi(getenv("TEST"));  /* value received from an external source */
    p + a;                         /* used as a pointer offset with no bounds check */
}
The following code example passes the check and will not give a warning about this issue:
#include <stdio.h>
#include <stdlib.h>
void example(int *p) {
    int a = atoi(getenv("TEST"));  /* value received from an external source */
    if (a > 0 && a < 10)           /* offset is range-checked before use */
        p + a;
}
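
The following is an added example, not part of the original check documentation. It goes one step further than the passing example by also rejecting an unset variable, non-numeric text and out-of-range numbers before the value reaches pointer arithmetic. The helper names parse_index and element_at, the 10-element array and the accepted range [0, len) are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical helper: convert externally supplied text to an index that is
 * valid for an array of len elements. Returns 0 on success, -1 on reject. */
int parse_index(const char *text, size_t len, size_t *out)
{
    char *end;
    long v;

    if (text == NULL || *text == '\0')    /* getenv() returns NULL when unset */
        return -1;

    errno = 0;
    v = strtol(text, &end, 10);
    if (end == text || *end != '\0')      /* no digits, or trailing characters */
        return -1;
    if (errno == ERANGE)                  /* value does not fit in a long */
        return -1;
    if (v < 0 || (unsigned long)v >= len) /* outside [0, len) */
        return -1;

    *out = (size_t)v;
    return 0;
}

/* Hypothetical helper: returns base + index only when the index has been
 * validated, and NULL otherwise, so no unchecked value is used as an offset. */
int *element_at(int *base, size_t len, const char *text)
{
    size_t idx;

    if (base == NULL || parse_index(text, len, &idx) != 0)
        return NULL;
    return base + idx;
}

int main(void)
{
    int table[10] = {0};
    /* "TEST" is the environment variable used in the examples above. */
    int *slot = element_at(table, 10, getenv("TEST"));

    return slot != NULL ? 0 : 1;
}
```

Unlike atoi, strtol reports where parsing stopped and sets errno on overflow, which is what makes the rejection cases distinguishable.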