
Under Construction

This is a new rule and is not yet ready for review.

When two pointers are subtracted, both must point to elements of the same array object, or one past the last element of the array object; the result is the difference of the subscripts of the two array elements. This restriction exists because pointer subtraction in C produces the number of objects between the two pointers, not the number of bytes.

Similarly, comparing two pointers with the relational operators tells you their relative positions within the same array. Subtracting or comparing pointers that do not refer to the same array object results in undefined behavior.

Non-Compliant Code Example

int nums[SIZE];
char *strings[SIZE];
int *next_num_ptr = nums;   /* pointer into nums, advanced as the array fills */
int free_space;

/* perform operations on next_num_ptr as array fills */

/* Undefined behavior: strings and next_num_ptr point into different array
   objects, so their difference is meaningless (the cast only makes the
   operand types match; it does not make the subtraction valid) */
free_space = strings - (char **)next_num_ptr;

Compliant Solution

int nums[SIZE];
char *strings[SIZE];
int *next_num_ptr = nums;   /* pointer into nums, advanced as the array fills */
int free_space = SIZE;      /* remaining capacity tracked as a count, not a pointer difference */

/* perform operations on next_num_ptr as array fills;
   decrement free_space as it fills */
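The following is an added example, not code from the CERT page, illustrating both the rule stated above (subtraction and relational comparison are only defined between pointers into the same array object) and the compliant solution's approach of tracking remaining capacity as a count. It relies on one fact the page does not spell out: equality comparison (==) is defined for any two pointers of the same type, so a pointer can be located within a known array by equality alone before any subtraction is attempted. The names ARR_SIZE, index_in_array, checked_ptr_diff, free_space_for and the demo_* functions are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

#define ARR_SIZE 32   /* stand-in for the page's SIZE (assumed value) */

/* Return the subscript of p within arr[0..n] (n itself is the one-past-the-end
 * address, which is also a valid element address for this purpose), or -1 if
 * p does not point into that array. Only == is used, which the standard
 * defines for any pair of int pointers. */
long index_in_array(const int *arr, size_t n, const int *p) {
    for (size_t i = 0; i <= n; i++) {
        if (arr + i == p) {
            return (long)i;
        }
    }
    return -1;
}

/* Compute b - a as a difference of subscripts, but only after confirming that
 * both pointers refer to arr. Returns 0 on success and stores the distance in
 * *out; returns -1 if either pointer lies outside arr, where the raw
 * subtraction b - a would be undefined behavior. */
int checked_ptr_diff(const int *arr, size_t n,
                     const int *a, const int *b, ptrdiff_t *out) {
    long ia = index_in_array(arr, n, a);
    long ib = index_in_array(arr, n, b);
    if (ia < 0 || ib < 0) {
        return -1;
    }
    *out = (ptrdiff_t)(ib - ia);
    return 0;
}

/* Remaining capacity of a fill-as-you-go buffer, kept as a count the way the
 * compliant solution does, never as a pointer difference across arrays. */
size_t free_space_for(size_t capacity, size_t filled) {
    return filled > capacity ? 0 : capacity - filled;
}

/* Two pointers into the same array: the checked subtraction succeeds. */
ptrdiff_t demo_same_array(void) {
    int nums[ARR_SIZE];
    ptrdiff_t d = 0;
    if (checked_ptr_diff(nums, ARR_SIZE, nums + 3, nums + 10, &d) != 0) {
        return -1;
    }
    return d;   /* 7 */
}

/* Pointers into different array objects: the check refuses instead of
 * performing an undefined subtraction. other + 1 is used rather than other,
 * because the one-past-the-end address of nums may legitimately compare equal
 * to the first element of an adjacent array. */
int demo_cross_array(void) {
    int nums[ARR_SIZE];
    int other[ARR_SIZE];   /* a distinct array object */
    ptrdiff_t d = 0;
    return checked_ptr_diff(nums, ARR_SIZE, nums, other + 1, &d);   /* -1 */
}

int main(void) {
    printf("same array: distance %td\n", demo_same_array());
    printf("cross array: checked_ptr_diff returned %d\n", demo_cross_array());
    printf("free slots with 5 filled: %zu\n", free_space_for(ARR_SIZE, 5));
    return 0;
}
```

The equality scan is linear in the array size, so it suits a debug build or an assertion rather than a hot path; the real lesson of the compliant solution is to avoid needing the subtraction at all by carrying an index or a count alongside the pointer.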

Risk Assessment

Rule      Severity     Likelihood     Remediation Cost   Priority   Level
ARR36-C   2 (medium)   2 (probable)   2 (medium)         P6         L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[Banahan 03]] Section 5.3, "Pointers," and Section 5.7, "Expressions involving pointers"
[[ISO/IEC 9899-1999]] Section 6.5.6, "Additive operators"
