CERT-ARR30-C_f
Synopsis
Do not form or use out-of-bounds pointers or array subscripts.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
Invalid pointer operations could lead to undefined behavior. These include forming an out-of-bounds pointer or array index, dereferencing a past-the-end pointer or array index, accessing or generating a pointer past flexible array member, and null pointer arithmetic. This check is identical to ARR-uninit-index.
Coding standards
- CERT ARR30-C
Do not form or use out of bounds pointers or array subscripts
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE 121
Stack-based Buffer Overflow
- CWE 123
Write-what-where Condition
- CWE 124
Buffer Underwrite ('Buffer Underflow')
- CWE 126
Buffer Over-read
- CWE 127
Buffer Under-read
- CWE 129
Improper Validation of Array Index
- CWE 786
Access of Memory Location Before Start of Buffer
Code examples
The following code example fails the check and will give a warning:
int example(int b[20]) {
int a;
return b[a];
}
The following code example passes the check and will not give a warning about this issue:
int example(int b[20]) {
int a;
a = 5;
return b[a];
}