 
                            ...
To avoid the potential for undefined behavior 59, structures that contain a flexible array member should always be allocated dynamically. Flexible array structures must
...
Because the memory for flex_struct is reserved on the stack, no space is reserved for the data member. Accessing the data member is undefined behavior 59.
Compliant Solution (Storage Duration)
...
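As an added illustration (not code from the original page), the sketch below allocates a structure with a flexible array member dynamically, so that storage for `data` actually exists. Only the names `flex_struct` and `data` come from the page; the `num` member, the `int` element type, and the helpers `flex_alloc` and `flex_set` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed layout: only flex_struct and data are named on the page;
 * num and the int element type are assumptions for this example. */
struct flex_struct {
    size_t num;   /* number of elements allocated for data */
    int data[];   /* flexible array member: sizeof does not cover its elements */
};

/* Hypothetical helper: allocate a flex_struct with room for n elements.
 * Returns NULL on size overflow or allocation failure. */
struct flex_struct *flex_alloc(size_t n)
{
    /* Reject n for which sizeof(header) + n * sizeof(int) would wrap. */
    if (n > (SIZE_MAX - sizeof(struct flex_struct)) / sizeof(int)) {
        return NULL;
    }
    struct flex_struct *fs = malloc(sizeof(struct flex_struct) + n * sizeof(int));
    if (fs == NULL) {
        return NULL;
    }
    fs->num = n;
    for (size_t i = 0; i < n; ++i) {
        fs->data[i] = 0;
    }
    return fs;
}

/* Hypothetical helper: bounds-checked store.
 * Returns 0 on success, -1 if fs is NULL or idx is out of range. */
int flex_set(struct flex_struct *fs, size_t idx, int value)
{
    if (fs == NULL || idx >= fs->num) {
        return -1;
    }
    fs->data[idx] = value;
    return 0;
}

int main(void)
{
    struct flex_struct *fs = flex_alloc(4);
    if (fs == NULL) {
        return 1;
    }
    /* In-range store succeeds, one-past-the-end store is refused. */
    int rc = (flex_set(fs, 3, 42) == 0 && flex_set(fs, 4, 7) == -1) ? 0 : 1;
    free(fs);
    return rc;
}
```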
Failure to use structures with flexible array members correctly can result in undefined behavior 59.
| Rule | Severity | Likelihood | Detectable | Remediation Cost / Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| MEM33-C | Low | Unlikely | Yes | Low / No | P3 / P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | flexible-array-member-assignment, flexible-array-member-declaration | Fully checked |
| Axivion Bauhaus Suite | | CertC-MEM33 | Fully implemented |
| CodeSonar | | LANG.STRUCT.DECL.FAM | Declaration of Flexible Array Member |
| Compass/ROSE | | | Can detect all of these |
| Cppcheck Premium | | premium-cert-mem33-c | Partially implemented |
| Helix QAC | | C1061, C1062, C1063, C1064 | |
| Klocwork | | MISRA.INCOMPLETE.STRUCT | |
| LDRA tool suite | | 649 S, 650 S | Fully implemented |
| Parasoft C/C++test | | CERT_C-MEM33-a | Allocate structures containing a flexible array member dynamically |
| | | CERT C: Rule MEM33-C | Checks for misuse of structure with flexible array member (rule fully covered) |
| RuleChecker | | flexible-array-member-assignment, flexible-array-member-declaration | Fully checked |
| Security Reviewer - Static Reviewer | | CPP_028 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...