One of the problems with arrays is determining the size. The sizeof operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type.
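The following is an added example, not code from the original page. It contrasts the byte size `sizeof` reports with the element count, and goes one step beyond the sentence above to show what `sizeof` measures once the array has been passed to a function. The names `ARRAY_LEN`, `callee_view_bytes`, `sum_first` and the `sample` data are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Element count of a true array; meaningless if `a` is a pointer. */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Constructed sample data for this example. */
static const int sample[] = {3, 1, 4, 1, 5};

/* What sizeof measures inside a callee. A parameter declared `const int t[]`
 * is adjusted to `const int *t`, so this is the pointer's size, whatever the
 * length of the caller's array. */
size_t callee_view_bytes(const int *t)
{
    return sizeof t;
}

/* Bounds-respecting form: the caller passes the element count explicitly and
 * the callee clamps the request to it rather than trusting sizeof. */
long sum_first(const int *t, size_t count, size_t want)
{
    long total = 0;
    if (want > count)
        want = count;
    for (size_t i = 0; i < want; i++)
        total += t[i];
    return total;
}

int main(void)
{
    printf("bytes in array:       %zu\n", sizeof sample);
    printf("elements in array:    %zu\n", ARRAY_LEN(sample));
    printf("bytes seen by callee: %zu\n", callee_view_bytes(sample));
    printf("sum, request clamped: %ld\n",
           sum_first(sample, ARRAY_LEN(sample), 100));
    return 0;
}
```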
Non-Compliant Code Example
Compliant Solution
Risk Assessment
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR00-A | 3 (high) | 1 (unlikely) | 3 (low) | P9 | L2 |