One of the problems with arrays is determining the size. The sizeof operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type.
...
In this example, the sizeof operator returns the size of the pointer, not the size of the block of space the pointer refers to. As a result the call to malloc() returns a pointer to a block of memory the size of a pointer. When the strcpy() is called, a heap buffer overflow will occur.
...
Fixing this issue requires the programmer to recognize and understand how sizeof works. In this case if, changing the type of src to a character array will correct the problem problem.
| Code Block |
|---|
char src[] = "hello, world"; char *dest = malloc(sizeof(src)); strcpy(dest, src); |
Non-Compliant Code Example
| Wiki Markup |
|---|
The {{sizeof}} operator can be used to compute the number of elements in an array as follows: {{sizeof (dis) / sizeof (dis\[0\])}}. The {{sizeof}} operator can also be used to calculate the size of variable length arrays. In the case of a variable length array, the operand is evaluated at runtime. Extreme care must be taken when using this particular programming idiom, however. |
...
| Wiki Markup |
|---|
In this example, {{sizeof (a) / sizeof (a\[0\])}} evaluates to {{sizeof(int*)/sizeof(int)}} because int {{a\[\]}} is equivalent to {{int \*a}} in the function declaration. This allows {{f()}} to be passed an array of arbitrary length. |
...