MISRAC2012-Dir-4.14_e
Synopsis
(Required) The validity of values received from external sources shall be checked.
Enabled by default
Yes
Severity/Certainty
Medium/Medium

Full description
An array is accessed with an index derived from user input.
Coding standards
- MISRA C:2012 Dir-4.14
(Required) The validity of values received from external sources shall be checked
Code examples
The following code example fails the check and will give a warning:
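#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

static int *options[10];

int *get_option(int sock) {
  char buffer[1024];
  int index;
  ssize_t received;

  received = recv(sock, buffer, sizeof(buffer) - 1, 0);
  if (received <= 0) return NULL; /* Error or connection closed */
  buffer[received] = '\0'; /* recv() does not terminate the string */
  if (sscanf(buffer, "%d", &index) != 1) return NULL;
  return options[index]; /* Index could be any integer */
}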
The following code example passes the check and will not give a warning about this issue:
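#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>

static int *options[10];

int *get_option(int sock) {
  char buffer[1024];
  int index;
  ssize_t received;

  received = recv(sock, buffer, sizeof(buffer) - 1, 0);
  if (received <= 0) return NULL; /* Error or connection closed */
  buffer[received] = '\0'; /* recv() does not terminate the string */
  if (sscanf(buffer, "%d", &index) != 1) return NULL;
  if (index >= 0 && index < 10)
    return options[index]; /* Index is between 0 and 9 */
  return NULL; /* Index rejected */
}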
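The passing example above only range-checks the result of sscanf(). The following added example is not part of the original check documentation; it goes one step further and also rejects input that is empty, has trailing characters, or overflows during conversion. The names parse_index and select_option are hypothetical, and the input is assumed to be a NUL-terminated string.

```c
#include <errno.h>
#include <stddef.h>
#include <stdlib.h>

/*
 * parse_index (hypothetical helper): converts externally supplied text to an
 * array index for a table of `count` entries. Returns 0 and stores the index
 * in *out on success, -1 on any invalid input.
 */
int parse_index(const char *text, size_t count, size_t *out) {
  char *end;
  long value;

  if (text == NULL || out == NULL || count == 0) return -1;

  errno = 0;
  value = strtol(text, &end, 10);
  if (end == text) return -1;      /* No digits were converted */
  if (errno == ERANGE) return -1;  /* Value does not fit in a long */

  /* Allow only trailing whitespace or line endings after the number */
  while (*end == ' ' || *end == '\r' || *end == '\n') end++;
  if (*end != '\0') return -1;     /* Trailing garbage such as "3abc" */

  /* Bounds check against the table size before the value is used */
  if (value < 0 || (unsigned long)value >= count) return -1;

  *out = (size_t)value;
  return 0;
}

/* select_option (hypothetical): indexes the table only after validation. */
int *select_option(int *options[], size_t count, const char *text) {
  size_t index;

  if (parse_index(text, count, &index) != 0) return NULL;
  return options[index];
}
```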