sizeof operator yields the size (in bytes) of its operand, which can be an expression or the parenthesized name of a type. However, using the
sizeof operator to determine the size of arrays is error prone.
sizeof operator is often used in determining how much memory to allocate via
malloc(). However using an incorrect size is a violation of MEM35-C. Allocate sufficient memory for an object.
Noncompliant Code Example
In this noncompliant code example, the function
clear() zeros the elements in an array. The function has one parameter declared as
int array and is passed a static array consisting of 12
int as the argument. The function
clear() uses the idiom
sizeof(array) / sizeof(array) to determine the number of elements in the array. However,
array has a pointer type because it is a parameter. As a result,
sizeof(array) is equal to the
sizeof(int *). For example, on an architecture (such as IA-32) where the
sizeof(int) == 4 and the
sizeof(int *) == 4, the expression
sizeof(array) / sizeof(array) evaluates to 1, regardless of the length of the array passed, leaving the rest of the array unaffected.
Footnote 103 in subclause 220.127.116.11 of the C Standard [ISO/IEC 9899:2011] applies to all array parameters:
When applied to a parameter declared to have array or function type, the
sizeofoperator yields the size of the adjusted (pointer) type.
In this compliant solution, the size of the array is determined inside the block in which it is declared and passed as an argument to the function:
sizeof(array) / sizeof(array) idiom will succeed provided the original definition of
array is visible.
Noncompliant Code Example
In this noncompliant code example,
sizeof(a) does not equal
100 * sizeof(int), because the
sizeof operator, when applied to a parameter declared to have array type, yields the size of the adjusted (pointer) type even if the parameter declaration specifies a length:
In this compliant solution, the size is specified using the expression
len * sizeof(int):
Incorrectly using the
sizeof operator to determine the size of an array can result in a buffer overflow, allowing the execution of arbitrary code.
Can detect violations of the recommendation but cannot distinguish between incomplete array declarations and pointer declarations
|LDRA tool suite||9.7.1|
|Parasoft C/C++test||9.5||PB-32||Fully implemented|
|Polyspace Bug Finder||R2016a||Possible misuse of sizeof|
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
|SEI CERT C++ Coding Standard||CTR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an array|
|MITRE CWE||CWE-467, Use of sizeof() on a pointer type|
|ISO/IEC TS 17961||Taking the size of a pointer to determine the size of the pointed-to type [sizeofptr]|
|[Drepper 2006]||Section 2.1.1, "Respecting Memory Bounds"|
|[ISO/IEC 9899:2011]||Subclause 18.104.22.168, "The |