...
A more general and safer solution to this problem is to use a flexible array member that guarantees the array that follows the structure is properly aligned by inserting padding, if necessary, between it and the member that immediately precedes it.
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR37-C | Medium | Probable | Medium | P8 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||
---|---|---|---|---|---|---|---|
Astrée |
|
Supported, but no explicit checker | |
Compass/ROSE |
Coverity |
| ARRAY_VS_SINGLETON | Implemented | ||||||
LDRA tool suite |
| 567 S | Partially implemented | ||||||
Parasoft C/C++test |
|
|
| PB-51 |
Implemented | ||||||||
Polyspace Bug Finder | R2016a | Invalid assumptions about memory organization | Address is computed by adding or subtracting from address of a variable | |||||
PRQA QA-C |
| 2930, 2931, 2932, 2933, 2934 |
PRQA QA-C++ |
| 3705, 3706, 3707 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
---|
Bibliography
[Banahan 2003] | Section 5.3, "Pointers" Section 5.7, "Expressions Involving Pointers" |
[ISO/IEC 9899:2011] | 6.5.6, "Additive Operators" |
[VU#162289] |
...