The sizeof operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type. However, using the sizeof operator to determine the size of arrays is error prone. The usual mistake is applying sizeof to a function parameter: a parameter declared with array syntax (for example, int array[]) is adjusted to a pointer to the element type, so inside the function sizeof(array) yields the size of a pointer, not the size of the caller's array. Only where the array object's own declaration is in scope does sizeof report the array's true size.
Non-Compliant Code Example
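The following is an added example written for this page; it is not the included code that fails to render above. It assumes a function named clear_noncompliant that is meant to zero every element of the caller's array but computes the element count with sizeof on its own parameter. The parameter is spelled int *array because a parameter written int array[] is adjusted to exactly that type, so the result is the same either way.

```c
#include <stddef.h>

/* Intended to zero every element of the caller's array, but the
 * parameter is a pointer (int array[] in a parameter list means the
 * same thing), so sizeof(array) is sizeof(int *). The element count
 * computed here is sizeof(int *) / sizeof(int): 2 on LP64, 1 on ILP32,
 * and never related to the caller's array. Returns the number of
 * elements that were actually cleared. */
size_t clear_noncompliant(int *array)
{
    size_t n = sizeof(array) / sizeof(array[0]);  /* pointer size, not array size */
    for (size_t i = 0; i < n; ++i) {
        array[i] = 0;
    }
    return n;
}

/* Constructed check: a 12-element array is only partially cleared.
 * Returns 1 if elements past the computed count were left untouched. */
int noncompliant_leaves_elements_dirty(void)
{
    int dis[12];
    for (size_t i = 0; i < 12; ++i) {
        dis[i] = -1;
    }
    size_t cleared = clear_noncompliant(dis);
    return cleared < 12 && dis[11] == -1;
}

/* The dangerous direction: if the caller's array has fewer than
 * sizeof(int *) / sizeof(int) elements (a 1-element array on LP64),
 * the same loop writes past its end, which is the buffer overflow
 * described under Risk Assessment. This function only reports whether
 * that would happen for a given array length; it does not perform the
 * out-of-bounds write. */
int noncompliant_would_overflow(size_t caller_len)
{
    return caller_len < sizeof(int *) / sizeof(int);
}
```

Compilers typically warn when sizeof is applied to a parameter declared with array syntax, but not when the parameter is declared as a plain pointer, so the warning cannot be relied on to catch every instance.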
Compliant Solution
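The following is an added example written for this page, not the included solution that fails to render above. It assumes a function named clear_compliant that takes the element count from the caller, and an ARRAY_LEN macro (an assumption, not part of the page) that is only ever applied where the array object's declaration is in scope.

```c
#include <stddef.h>

/* Element count of an array object, for use only where the array's
 * declaration is in scope. Applied to a pointer it silently yields
 * sizeof(pointer) / sizeof(element), which is the very mistake this
 * recommendation warns about, so never apply it to a function parameter. */
#define ARRAY_LEN(a) (sizeof(a) / sizeof((a)[0]))

/* Takes the element count from the caller, who is the only party that
 * can know it. Returns the count it cleared so callers can check. */
size_t clear_compliant(int *array, size_t len)
{
    for (size_t i = 0; i < len; ++i) {
        array[i] = 0;
    }
    return len;
}

/* Constructed check: every one of the 12 elements is cleared.
 * ARRAY_LEN is evaluated here, where dis is still an array object. */
int compliant_clears_all(void)
{
    int dis[12];
    for (size_t i = 0; i < ARRAY_LEN(dis); ++i) {
        dis[i] = -1;
    }
    if (clear_compliant(dis, ARRAY_LEN(dis)) != 12) {
        return 0;
    }
    for (size_t i = 0; i < ARRAY_LEN(dis); ++i) {
        if (dis[i] != 0) {
            return 0;
        }
    }
    return 1;
}
```

The length parameter is the contract: the callee never guesses the array's size, and the caller computes it at the one place where sizeof on the array is meaningful.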
Risk Assessment
Incorrectly using the sizeof operator to determine the size of an array could result in a buffer overflow, allowing the execution of arbitrary code.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ARR00-A | 3 (high) | 1 (unlikely) | 3 (low) | P9 | L2 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this recommendation on the CERT website.
References
[[ISO/IEC 9899-1999]] Section 6.7.5.2, "Array declarators"
[[Drepper 06]] Section 2.1.1, "Respecting Memory Bounds"