
IAR Embedded Workbench for RX 5.20

CERT-ARR32-C

Synopsis

Ensure size arguments for variable length arrays are in a valid range.

Enabled by default

Yes

Severity/Certainty

High/Medium

Full description

If a variable length array (VLA) is declared with a size that is not positive, the behavior is undefined. If the magnitude of a VLA size argument is excessive, the program may behave in an unexpected way (typically by exhausting the stack). The programmer must ensure that size arguments to variable length arrays, especially those derived from untrusted data, are in a valid range.

Coding standards
CERT ARR32-C

Ensure size arguments for variable length arrays are in a valid range

Code examples

The following code example fails the check and will give a warning:

#include <stddef.h>

void foo(int *array, size_t size) {}

void example(size_t size) {
    int vla[size];
    foo(vla, size);
}

The following code example passes the check and will not give a warning about this issue:

#include <stdint.h>
#include <stddef.h>

enum { MAX_ARRAY = 1024 };

void foo(int *array, size_t size) {}

void example(size_t size) {
    /* Reject zero (undefined behavior) and sizes whose byte count would overflow. */
    if (0 == size || SIZE_MAX / sizeof(int) < size) {
        /* Handle error */
        return;
    }
    /* Bound the VLA to an application-defined maximum so it cannot exhaust the stack. */
    if (size < MAX_ARRAY) {
        int vla[size];
        foo(vla, size);
    }
}
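As an added example (not from the IAR documentation), the compliant pattern above is factored into a reusable range check, and the VLA is declared only after the check passes; a status code is returned to the caller on a bad size. The names vla_size_ok, sum_via_vla and the status enum are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { MAX_ARRAY = 1024 };

/* Status codes returned to the caller instead of declaring a VLA of a bad size. */
enum vla_status { VLA_OK = 0, VLA_ERR_ZERO = -1, VLA_ERR_TOO_LARGE = -2 };

/* Range check shared by every VLA declaration in this unit.
   Rejects zero (undefined behaviour) and sizes that would either overflow
   the byte count (size * sizeof(int)) or exceed the stack budget MAX_ARRAY. */
static int vla_size_ok(size_t size) {
    if (size == 0) {
        return VLA_ERR_ZERO;
    }
    if (size > SIZE_MAX / sizeof(int) || size >= MAX_ARRAY) {
        return VLA_ERR_TOO_LARGE;
    }
    return VLA_OK;
}

/* Copies `count` ints from `src` (assumed to hold at least `count` elements)
   into a stack VLA, sums them and stores the result in *out.
   The VLA is only declared after `count` has been validated, so an untrusted
   count of 0 or of several gigabytes never reaches the array declaration. */
int sum_via_vla(const int *src, size_t count, long *out) {
    int rc = vla_size_ok(count);
    if (rc != VLA_OK) {
        return rc;          /* caller decides how to handle the bad size */
    }
    int vla[count];         /* safe: 0 < count < MAX_ARRAY */
    memcpy(vla, src, count * sizeof(int));
    long total = 0;
    for (size_t i = 0; i < count; i++) {
        total += vla[i];
    }
    *out = total;
    return VLA_OK;
}
```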