...
While these declarations work fine when the size of the array is known at compile time, it is not possible to declare an array in this fashion when the size can be determined only at runtime. The C Standard adds support for variable-length arrays, or arrays whose size is determined at runtime. Before the introduction of variable-length arrays in C99, however, these "arrays" were typically implemented as pointers to their respective element types allocated using malloc(), as shown in this example.
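The pre-C99 idiom this paragraph describes, as an added example that is not code from the original page: a runtime-sized array allocated with malloc(), carrying the length alongside the pointer so that the allocation size and every index can be checked. The names `int_array`, `int_array_init`, `int_array_set` and `int_array_free` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical wrapper (not from the page): the pointer travels with its length. */
struct int_array { size_t len; int *data; };

/* Allocate n ints. Returns 0 on success, -1 on a bad size or allocation failure. */
int int_array_init(struct int_array *a, size_t n)
{
    a->len = 0;
    a->data = NULL;
    if (n == 0 || n > SIZE_MAX / sizeof *a->data)
        return -1;                      /* n * sizeof(int) would wrap around */
    a->data = malloc(n * sizeof *a->data);
    if (a->data == NULL)
        return -1;
    a->len = n;
    return 0;
}

/* Bounds-checked store: rejects any index outside [0, len). */
int int_array_set(struct int_array *a, size_t i, int v)
{
    if (a->data == NULL || i >= a->len)
        return -1;
    a->data[i] = v;
    return 0;
}

void int_array_free(struct int_array *a)
{
    free(a->data);
    a->data = NULL;
    a->len = 0;
}

int main(int argc, char **argv)
{
    /* Size known only at runtime; 8 is a constructed default. */
    size_t n = argc > 1 ? (size_t)strtoul(argv[1], NULL, 10) : 8;
    struct int_array a;
    if (int_array_init(&a, n) != 0)
        return 1;
    int ok = int_array_set(&a, n - 1, 42), bad = int_array_set(&a, n, 42);
    printf("last element: %d, one past the end: %d\n", ok, bad);
    int_array_free(&a);
    return 0;
}
```

A bare `int *` returned by malloc() carries no size, so `sizeof` on it yields the pointer size and the compiler cannot check any index; the length has to be tracked by the program.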
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
...
ISO/IEC 9899:2011 Section 6.7.6.2, "Array declarators"
...
...
| Failure to constrain operations within the bounds of an allocated memory buffer |
...
...
...
| -129, |
...
| Unchecked array indexing |
...
...