ARR-uninit-index
Synopsis
An array is indexed with an uninitialized variable
Enabled by default
Yes
Severity/Certainty
Medium/Medium
Full description
An array is indexed with an uninitialized variable. The value of the variable is not defined, which might cause an array overrun. This check is identical to CERT-ARR30-C_f.
Coding standards
- CERT ARR30-C
Do not form or use out of bounds pointers or array subscripts
- CWE 665
Improper Initialization
- CWE 457
Use of Uninitialized Variable
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE 121
Stack-based Buffer Overflow
- CWE 122
Heap-based Buffer Overflow
- CWE 124
Buffer Underwrite ('Buffer Underflow')
- CWE 126
Buffer Over-read
- CWE 127
Buffer Under-read
- CWE 129
Improper Validation of Array Index
Code examples
The following code example fails the check and will give a warning:
int example(int b[20]) {
int a;
return b[a];
}
The following code example passes the check and will not give a warning about this issue:
int example(int b[20]) {
int a;
a = 5;
return b[a];
}