...
| Wiki Markup |
|---|
The initial element of an array is accessed using an index of zero; for example, {{dat\[0\]}} references the first element of {{dat}} array. The {{dat}} identifier points to the start of the array, so adding zero is inconsequential in that {{\*(dat+i)}} is equivalent to {{\*(dat+0)}}, which is equivalent to {{\*(dat)}}. |
Risk Assessment
Arrays are a common source of vulnerabilities in C language programs, because they are frequently used but not always fully understood.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ARR00-A C | high | probable | high | P6 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.5.2, "Array declarators" |
06. Arrays (ARR) 06. Arrays (ARR) ARR01-A. Do not apply the sizeof operator to a pointer when taking the size of an array