CERT-ARR30-C_d
Synopsis
Do not form or use out-of-bounds pointers or array subscripts.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
Invalid pointer operations could lead to undefined behavior. These include forming an out-of-bounds pointer or array index, dereferencing a past-the-end pointer or array index, accessing or generating a pointer past flexible array member, and null pointer arithmetic. This check is identical to ARR-inv-index-ptr-pos, MISRAC++2008-5-0-16_f, MISRAC2012-Rule-18.1_d.
Coding standards
- CERT ARR30-C
Do not form or use out of bounds pointers or array subscripts
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE 121
Stack-based Buffer Overflow
- CWE 123
Write-what-where Condition
- CWE 124
Buffer Underwrite ('Buffer Underflow')
- CWE 126
Buffer Over-read
- CWE 127
Buffer Under-read
- CWE 129
Improper Validation of Array Index
- CWE 786
Access of Memory Location Before Start of Buffer
- MISRA C:2012 Rule-18.1
(Required) A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
- MISRA C++ 2008 5-0-16
(Required) A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
Code examples
The following code example fails the check and will give a warning:
#include <stddef.h>
#define COLS 5
#define ROWS 7
static int matrix[ROWS][COLS];
void init_matrix(int x) {
for (size_t i = 0; i < COLS; i++) {
for (size_t j = 0; j < ROWS; j++) {
int *p = matrix[i];
p[j] = x;
}
}
}
The following code example passes the check and will not give a warning about this issue:
#include <stddef.h>
#define COLS 5
#define ROWS 7
static int matrix[ROWS][COLS];
void init_matrix(int x) {
for (size_t i = 0; i < ROWS; i++) {
for (size_t j = 0; j < COLS; j++) {
int *p = matrix[i];
p[j] = x;
}
}
}