...
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP09-A | 3 (high) | 1 (unlikely) | 2 (medium) | P6 | L2 |
Automated Detection
The tool Compass/ROSE can detect violations of this recommendation. It examines the size argument passed to malloc(), calloc(), or realloc() and reports a violation if the argument expression contains no sizeof operator. It does not report a violation when the return value is assigned to a char *, because in that case a string (or other byte buffer) is being allocated and sizeof is unnecessary: the C standard guarantees sizeof(char) == 1.
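The following is an added example, not code from this page or from the Compass/ROSE checker: a deliberately simple, line-oriented Python approximation of the heuristic described above. The real checker operates on the program's AST; this script only scans each source line for a malloc(), calloc(), or realloc() call, extracts the balanced argument list, flags the call if the arguments contain no sizeof, and suppresses the finding when a char * declaration appears earlier on the same line. The C sample it runs over is constructed for illustration.

```python
import re

# Constructed sample C source (assumption: not from the CERT page).
# Trailing comments say what the heuristic is expected to do with each line.
SAMPLE_C = """\
int *a = (int *)malloc(n * 4);               /* flag: no sizeof */
int *b = (int *)malloc(n * sizeof(int));     /* ok */
int *c = (int *)malloc(n * sizeof(*c));      /* ok */
char *s = (char *)malloc(len + 1);           /* ok: char buffer */
double *d = calloc(n, 8);                    /* flag */
double *e = calloc(n, sizeof(double));       /* ok */
p = realloc(p, n * 16);                      /* flag */
q = realloc(q, n * sizeof(struct node));     /* ok */
"""

ALLOC_CALL = re.compile(r'\b(malloc|calloc|realloc)\s*\(')
CHAR_PTR_DECL = re.compile(r'\bchar\s*\*')
SIZEOF = re.compile(r'\bsizeof\b')


def _call_args(line, start):
    """Return the text between the balanced parentheses whose '(' is at `start`,
    or None if the call does not close on this line (multi-line calls are
    not handled by this simplified scanner)."""
    depth = 0
    for i in range(start, len(line)):
        ch = line[i]
        if ch == '(':
            depth += 1
        elif ch == ')':
            depth -= 1
            if depth == 0:
                return line[start + 1:i]
    return None


def check_alloc_sizeof(source):
    """Return a list of (line_number, function_name) for each allocation call
    whose argument list lacks sizeof, except when the result is stored in an
    object declared as char * on the same line (sizeof(char) == 1, so sizeof
    is unnecessary there)."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        code = line.split('/*', 1)[0]  # drop a trailing block comment
        for m in ALLOC_CALL.finditer(code):
            args = _call_args(code, m.end() - 1)
            if args is None or SIZEOF.search(args):
                continue
            # Heuristic exemption: the destination is declared as char *.
            # A realloc() of a char * declared on an earlier line is still
            # flagged; resolving that needs type information, not text.
            if CHAR_PTR_DECL.search(code[:m.start()]):
                continue
            findings.append((lineno, m.group(1)))
    return findings


if __name__ == "__main__":
    for lineno, fn in check_alloc_sizeof(SAMPLE_C):
        print(f"line {lineno}: {fn}() size argument has no sizeof")
```

Running it over the sample reports lines 1, 5, and 7. The char * exemption also matches `unsigned char *`, which is consistent with the rationale (any character type has size 1), but because the scanner sees only one line at a time it cannot recognise a char * object declared elsewhere; that is one reason the production checker works on the AST rather than on source text.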
...