...

When compiled for Windows (x86), the output of this program is:
Size of struct: 16 bytes

Non-Compliant Coding Example

This non-compliant example demonstrates the incorrect way to declare a jagged array of 100 x 100 integers.

/* assuming 32-bit pointer, 32-bit integer */
int i;
int** intarray = calloc(100, 4);
for (i = 0; i < 100; i++)
    intarray[i] = calloc(100, 4);

Compliant Solution

The above example can be fixed by replacing the hard-coded value 4 with the actual size of the datatype as represented on the target platform: sizeof(int*) for the array of row pointers and sizeof(int) for each row. Remember to check the return value of the memory allocation routines.

/* not assuming size of a pointer */
int i;
int** intarray = calloc(100, sizeof(int*));
if (!intarray)
    { /* perform cleanup, return error */ }
for (i = 0; i < 100; i++) {
    intarray[i] = calloc(100, sizeof(int));
    if (!intarray[i])
        { /* perform cleanup, return error */ }
}
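
The compliant solution leaves "perform cleanup, return error" as a comment. The following added example (not part of the original page) fills in that cleanup path so a failure part-way through the rows leaks nothing; the names alloc_jagged and free_jagged are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper: free a jagged array whose first `rows`
 * row pointers are either valid allocations or NULL. */
void free_jagged(int **a, size_t rows)
{
    if (!a)
        return;
    for (size_t i = 0; i < rows; i++)
        free(a[i]);              /* free(NULL) is a no-op */
    free(a);
}

/* Hypothetical helper: allocate rows x cols zero-initialized ints.
 * Returns NULL on any failure, with every earlier allocation released. */
int **alloc_jagged(size_t rows, size_t cols)
{
    /* sizeof *a is sizeof(int*) on whatever platform this is built for,
     * so the pointer table is sized correctly on 32-bit and 64-bit. */
    int **a = calloc(rows, sizeof *a);
    if (!a)
        return NULL;

    for (size_t i = 0; i < rows; i++) {
        a[i] = calloc(cols, sizeof *a[i]);   /* sizeof(int) per element */
        if (!a[i]) {
            free_jagged(a, i);   /* only rows 0..i-1 were allocated */
            return NULL;
        }
    }
    return a;
}
```

Using sizeof on the dereferenced pointer keeps the allocation size tied to the declared type, so changing the element type later cannot reintroduce a mismatched size.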

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| MSCxx EXPxx-C | 3 (high) | 3 (probable) | 2 (medium) | P18 | L1 |