
The incorrect use of arrays has traditionally been a source of exploitable vulnerabilities. Elements referenced within an array using the subscript operator `[]` are not checked unless the programmer provides adequate bounds checking. As a result, the expression `array[pos] = value` can be used by an attacker to transfer control to arbitrary code.
If the attacker can control the values of both `pos` and `value` in the expression `array[pos] = value`, the attacker can perform an arbitrary write (which is when the attacker overwrites other storage locations with different content). The consequences range from changing a variable used to determine what permissions the program grants to executing arbitrary code with the permissions of the vulnerable process. Arrays are also a common source of buffer overflows when iterators exceed the bounds of the array.
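The following is an added example, not code from the original page: it shows a checked form of `array[pos] = value` next to an incomplete check that tests only the upper bound of a signed index. The names `index_ok_upper_only`, `index_ok`, `store_checked` and `TABLE_LEN`, and the sample index values, are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define TABLE_LEN 8 /* constructed array size for this example */

/* Incomplete check: a signed index is compared only against the upper
 * bound, so a negative pos (storage below the array) is accepted. */
static int index_ok_upper_only(long pos, long len) {
    return pos < len;
}

/* Complete check: both bounds are tested on the signed value before it is
 * used as a subscript. */
static int index_ok(long pos, size_t len) {
    return pos >= 0 && (size_t)pos < len;
}

/* Checked form of array[pos] = value. Returns 0 when the element was
 * written and -1 when pos does not designate an element of the array. */
static int store_checked(int *array, size_t len, long pos, int value) {
    if (array == NULL || !index_ok(pos, len)) {
        return -1;
    }
    array[pos] = value;
    return 0;
}

int main(void) {
    int table[TABLE_LEN] = {0};
    /* Constructed index values standing in for untrusted input. */
    const long candidates[] = {3, -1, TABLE_LEN, TABLE_LEN - 1};

    for (size_t i = 0; i < sizeof candidates / sizeof candidates[0]; ++i) {
        long pos = candidates[i];
        printf("pos=%ld upper-only check=%s full check=%s\n", pos,
               index_ok_upper_only(pos, TABLE_LEN) ? "accept" : "reject",
               store_checked(table, TABLE_LEN, pos, 42) == 0 ? "stored"
                                                              : "rejected");
    }
    return 0;
}
```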
An array is a series of objects, all of which are the same size and type. Each object in an array is called an array element. The entire array is stored contiguously in memory (that is, there are no gaps between elements). Arrays are commonly used to represent a sequence of elements where random access is important, but there is little or no need to insert new elements into the sequence (which can be an expensive operation with arrays).
...
The variable `p` is declared as a pointer to an integer and then incremented in the loop. This technique can be used to initialize both arrays and is a better style of programming than incrementing the pointer to the array because it does not change the pointer to the start of the array.
Obviously, there is a relationship between array subscripts `[]` and pointers. The expression `dis[i]` is equivalent to `*(dis+i)` for all integral values of `i`. In other words, if `dis` is an array object (equivalently, a pointer to the initial element of an array object) and `i` is an integer, `dis[i]` designates the `i`th element of `dis`. In fact, because `*(dis+i)` can be expressed as `*(i+dis)`, the expression `dis[i]` can be represented as `i[dis]`, although doing so is not encouraged. Since array indices are zero-based, the first element is designated as `dis[0]`, or equivalently as `*(dis+0)` or simply `*dis`.
Risk Assessment
Arrays are a common source of vulnerabilities in C language programs because they are frequently used but not always fully understood.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR00-C | high | probable | high | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
...