Under Construction
This is a new rule and is not yet ready for review.
When two pointers are subtracted, both must point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. This restriction exists because pointer subtraction in C produces the number of objects between the two pointers, not the number of bytes.
Similarly, comparing pointers tells you the relative positions of the pointers with respect to each other. Subtracting or comparing pointers that do not refer to the same array results in undefined behavior.
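The following C program is an added example and is not code from the original rule page. It uses two constructed sample arrays and hypothetical helper names (index_in_array, checked_pointer_diff, NUM_ELEMENTS). It shows how to establish that two pointers refer to the same array before subtracting them: the check uses only the == operator, which is defined for any two valid pointers, and performs the subtraction (which yields a count of elements, not bytes) only once both operands are known to lie within the same array object or one past its end.

```c
#include <stddef.h>
#include <stdio.h>

#define NUM_ELEMENTS 16

/* Constructed sample arrays for the demonstration (not from the rule page). */
static int sample_a[NUM_ELEMENTS];
static int sample_b[NUM_ELEMENTS];

/* Returns the subscript of p within arr (0..n, where n is one past the end),
 * or -1 if p does not point into arr.  Only == is used to locate p: equality
 * comparison is defined for any two valid pointers, whereas <, > and
 * subtraction are defined only when both operands point into the same array. */
static ptrdiff_t index_in_array(const int *arr, size_t n, const int *p) {
    for (size_t i = 0; i <= n; ++i) {
        if (arr + i == p) {
            return (ptrdiff_t)i;
        }
    }
    return -1;
}

/* Subtracts two pointers only after verifying that both point into arr.
 * On success stores q - p (measured in elements, not bytes) in *out and
 * returns 0; returns -1 and leaves *out untouched if either pointer lies
 * outside arr, because q - p would then be undefined behavior. */
static int checked_pointer_diff(const int *arr, size_t n,
                                const int *p, const int *q, ptrdiff_t *out) {
    if (index_in_array(arr, n, p) < 0 || index_in_array(arr, n, q) < 0) {
        return -1;   /* different array objects: refuse to subtract */
    }
    *out = q - p;    /* same array: the subtraction is well defined */
    return 0;
}

int main(void) {
    ptrdiff_t d;

    /* Both operands refer to sample_a: defined, and the result is 7 elements
     * regardless of sizeof(int). */
    if (checked_pointer_diff(sample_a, NUM_ELEMENTS,
                             sample_a + 2, sample_a + 9, &d) == 0) {
        printf("(sample_a + 9) - (sample_a + 2) = %td elements "
               "(sizeof(int) = %zu bytes)\n", d, sizeof(int));
    }

    /* One operand refers to sample_b: the subtraction is refused. */
    if (checked_pointer_diff(sample_a, NUM_ELEMENTS,
                             sample_a + 2, sample_b + 1, &d) != 0) {
        puts("refused: pointers do not refer to the same array");
    }
    return 0;
}
```

One caveat when using this check: the standard permits a pointer one past the end of one array to compare equal to a pointer to the first element of a different array that happens to follow it in memory, so a pointer to the very first element of an adjacent array may be reported as index NUM_ELEMENTS of the preceding one; the test below therefore uses an interior element of sample_b.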
Non-Compliant Code Example
Compliant Solution
Risk Assessment
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
ARR36-C | 2 (medium) | 1 (unlikely) | 2 (medium) | P4 | L3
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[[Banahan 03]] Section 5.3, "Pointers," and Section 5.7, "Expressions involving pointers"
[[ISO/IEC 9899-1999]] Section 6.5.6, "Additive operators"