...
The C Standard, section 6.2.6.1 [ISO/IEC 9899:2011], states:
When a value is stored in an object of structure or union type, including in a member object, the bytes of the object representation that correspond to any padding bytes take unspecified values.
...
As a result of being uninitialized, padding bytes could have random data (sensitive data). This structure could be passed to functions that do not have privilege. For example, there have been instances in the Linux kernel where when uninitialized stack bytes are were leaked to unprivileged users as a result of copying structures to user space.
...
For example, in an IA-32 machine, the explicit insertion of the padding bytes into the struct should ensure that no "invisible" padding bytes are added in by the compiler, and consequently the expression in static_assert should be true.
...
and consequently the expression should return 1.
However, if you are compiling were compiling for a different architecture and the compiler adds padding bytes, then the memory would not be contiguous and the expression would return 0.
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
DCL39-C | low | unlikely | medium | P2 | L3 |
...
Bibliography
...
| ] | Section 6.2.6.1, "General" (para. 6) |
|---|
...
...