...

Code Block
int nums[SIZE];
char *strings[SIZE];
int *next_num_ptr = nums;
int free_bytes;

/* perform operations on next_num_ptr as array fills */

/* non-compliant: subtracts pointers into two different arrays */
free_bytes = strings - (char **)next_num_ptr;

In this non-compliant code example, pointer subtraction is used to determine how many free elements are left in the nums array. The first incorrect assumption is that the nums and strings arrays will be next to each other in memory. The second is that free_bytes will be the number of bytes available; the subtraction instead returns the number of elements between next_num_ptr and strings.

Compliant Solution

Code Block
int nums[SIZE];
char *strings[SIZE];
int *next_num_ptr = nums;
int free_elements = SIZE;

/* perform operations on next_num_ptr as array fills;
   decrement free_elements as it fills */

In the compliant solution, the number of free elements is kept as a counter and adjusted on every array operation. It is also calculated in terms of free elements instead of bytes. This prevents further mathematical errors.
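The following is an added example, not code from the original page. It keeps the counter from the compliant solution and shows the one form of pointer subtraction that is well defined: both operands point into nums (or one past its end). The value SIZE = 8, the struct num_buf wrapper and the num_buf_* function names are assumptions made for illustration.

```c
#include <stddef.h>

enum { SIZE = 8 };  /* assumed capacity; the page leaves SIZE undefined */

/* Hypothetical wrapper around the page's nums / next_num_ptr pair. */
struct num_buf {
    int nums[SIZE];
    int *next_num_ptr;      /* always within [nums, nums + SIZE] */
    size_t free_elements;   /* counter kept as in the compliant solution */
};

void num_buf_init(struct num_buf *b) {
    b->next_num_ptr = b->nums;
    b->free_elements = SIZE;
}

/* Free slots derived by subtraction. Both operands refer to the same
 * array (end is one past its last element), so the result is defined
 * and is a count of int elements, not of bytes. */
size_t num_buf_free_by_ptr(const struct num_buf *b) {
    const int *end = b->nums + SIZE;
    return (size_t)(end - b->next_num_ptr);
}

/* A byte count must be produced explicitly by scaling with element size. */
size_t num_buf_free_bytes(const struct num_buf *b) {
    return num_buf_free_by_ptr(b) * sizeof b->nums[0];
}

/* Stores value; returns 0 on success, -1 when the array is full. */
int num_buf_push(struct num_buf *b, int value) {
    if (b->free_elements == 0)
        return -1;
    *b->next_num_ptr++ = value;
    b->free_elements--;
    return 0;
}

/* Pushes up to n values and returns how many were actually stored. */
size_t num_buf_fill(struct num_buf *b, size_t n) {
    size_t stored = 0;
    while (stored < n && num_buf_push(b, (int)stored) == 0)
        stored++;
    return stored;
}
```

The counter and the same-array subtraction always agree, which makes the pair usable as a consistency check in debug builds.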

Risk Assessment

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| ARR36-C | 2 (medium) | 2 (probable) | 2 (medium) | P6 | L2 |

Related Vulnerabilities

...