|Supported, but no explicit checker|
|(customization)||Users can add a custom check for allocator calls with size argument 0 (this includes literal 0, underconstrained tainted values, and computed values).|
Can detect some violations of this rule. In particular, it warns when the argument to
|CERT_C-MEM04-a||The validity of values passed to library functions shall be checked|
|Polyspace Bug Finder|
Checks for:Size of variable-length array is zero or negative
Value from an unsecure source changes sign
Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large
Rec. fully covered.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.