...
Also see MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type for a discussion on the use of the sizeof operator with memory allocation functions.
Exceptions
EXP09-EX1: C99 explicitly declares sizeof(char) == 1. So any sizes based on characters or character arrays may be evaluated without using sizeof. This does not apply to char* or any other data types.
Risk Assessment
Porting code with hard-coded sizes can result in a buffer overflow or related vulnerability.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Exceptions
EXP09-EX1: C99 explicitly declares sizeof(char) == 1. So any sizes based on characters or character arrays may be evaluated without using sizeof. This does not apply to char* or any other data types.
Other Languages
This rule appears in the C++ Secure Coding Standard as EXP09-CPP. Use sizeof to determine the size of a type or variable.
...