Pointer arithmetic is only appropriate when the pointer argument refers to an array ARR37-C. Do not add or subtract an integer to a pointer to a non-array object. When performing pointer arithmetic, the size of the value to add or subtract to a pointer is automatically scaled to the size of the type of the referenced array object. Adding or subtracting a scaled integer value to a pointer is insecure because it may result in a pointer that does not point to an element within or one past the end of the array. This is contraindicated by ARR38-C. Do not add or subtract an integer to a pointer if the resulting value does not refer to a valid array element.
| Wiki Markup |
|---|
Violations of this guidelines are indicated when a pointer to an array is added to the result of the {{sizeof}} operator or {{offsetof}} macro which return a size and offset, respectively. However, adding an array pointer to the number of array elements, for example by using the {{arr\[sizeof(arr)/sizeof(arr\[0\])\])}} idiom, is allowed, provided that {{arr}} refers to an array and not a pointer. |
...