...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Exceptions
EXP09-EX1: C99 explicitly declares sizeof(char) == 1. So any sizes based on characters or character arrays may be evaluated without using sizeof. This does not apply to char* or any other data types.
Other Languages
This rule appears in the C++ Secure Coding Standard as EXP09-CPP. Use sizeof to determine the size of a type or variable.
...