...

The footnote in Section 6.5.3.4 of the C Standard [ISO/IEC 9899:1999] explains this:

When applied to a parameter declared to have array or function type, the sizeof operator yields the size of the adjusted (pointer) type . . . .
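
The adjustment described in the footnote, as an added example (not part of the original guideline text): a function that sizes its clear from an array parameter wipes only pointer-size bytes, while the version that takes an explicit element count clears the whole array. The names `clear_noncompliant`, `clear_compliant`, `stale_after_clear` and `TABLE_LEN` are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TABLE_LEN 12 /* constructed sample size */

/* GCC and Clang flag the sizeof below with -Wsizeof-array-argument; it is
 * silenced here only so the noncompliant case builds for comparison. */
#if defined(__GNUC__)
#pragma GCC diagnostic ignored "-Wsizeof-array-argument"
#endif

/* Noncompliant: the parameter is adjusted to int *, so sizeof(table) is
 * sizeof(int *) whatever bound is written. Returns the bytes cleared. */
size_t clear_noncompliant(int table[TABLE_LEN]) {
    size_t n = sizeof(table);
    memset(table, 0, n);
    return n;
}

/* Compliant: the caller, which still sees the array type, passes the count. */
size_t clear_compliant(int *table, size_t len) {
    size_t n = len * sizeof(table[0]);
    memset(table, 0, n);
    return n;
}

/* Fill a table with ones, clear it, and count the elements left uncleared. */
size_t stale_after_clear(int use_compliant) {
    int table[TABLE_LEN];
    size_t i, stale = 0;
    for (i = 0; i < TABLE_LEN; i++) table[i] = 1;
    if (use_compliant)
        clear_compliant(table, sizeof(table) / sizeof(table[0]));
    else
        clear_noncompliant(table);
    for (i = 0; i < TABLE_LEN; i++) stale += (table[i] != 0);
    return stale;
}

int main(void) {
    printf("noncompliant leaves %zu of %d elements\n",
           stale_after_clear(0), TABLE_LEN);
    printf("compliant leaves %zu of %d elements\n",
           stale_after_clear(1), TABLE_LEN);
    return 0;
}
```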

...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ARR01-C | high | probable | low | P18 | L1 |

Automated Detection

...

Splint Version 3.1.1 can detect violations of this recommendation.

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | | |
| Splint | | | |
| Compass/ROSE | | | can detect violations of the recommendation, but it cannot distinguish between incomplete array declarations and pointer declarations |

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

This rule appears in the C++ Secure Coding Standard as ARR01-CPP. Do not apply the sizeof operator to a pointer when taking the size of an array.

Bibliography

[ISO/IEC 9899:1999] Section 6.7.5.2, "Array declarators"
[Drepper 06] Section 2.1.1, "Respecting Memory Bounds"
[MITRE 07] CWE ID 467 (http://cwe.mitre.org/data/definitions/467.html), "Use of sizeof() on a Pointer Type"

...