No raw arrays in interfaces
ID: cpp/array-in-interface
Kind: problem
Security severity:
Severity: recommendation
Precision: high
Tags:
- reliability
- readability
- language-features
- external/jsf
Query suites:
- cpp-security-and-quality.qls
This rule finds class members (functions or data) that are or use arrays. This is particularly important for functions with array-type parameters, because inside the function such a parameter is treated as a pointer to the array's first element (array decay). Assuming that it still has the type of the array passed to the function can cause unexpected behavior (e.g. when using the sizeof operator).
Recommendation
Use the Array class, or explicitly declare the variable/parameter as a pointer so there is no possibility for confusion.
Example
void f(char buf[]) { // wrong: uses an array as a parameter type
    int length = sizeof(buf); // will return sizeof(char*), not the size of the array passed
    // ...
}
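The following added example (not part of the original query help) shows the decayed sizeof result next to the two alternatives from the recommendation. The function names are hypothetical, and std::array is used as an assumed stand-in for the Array class.

```cpp
#include <array>
#include <cstddef>
#include <cstdio>
#include <cstring>

// Flagged pattern: `char buf[]` is adjusted to `char*`, so sizeof reports the
// pointer size no matter how large the caller's array is.
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsizeof-array-argument"  // GCC/Clang warn here
std::size_t decayed_size(char buf[]) {
    return sizeof(buf);
}
#pragma GCC diagnostic pop

// Explicit pointer plus length: the bound is supplied by the caller, never guessed.
// Copies at most dst_len - 1 bytes and always NUL-terminates; returns bytes copied.
std::size_t copy_bounded(char* dst, std::size_t dst_len, const char* src) {
    if (dst == nullptr || src == nullptr || dst_len == 0) return 0;
    std::size_t n = std::strlen(src);
    if (n >= dst_len) n = dst_len - 1;
    std::memcpy(dst, src, n);
    dst[n] = '\0';
    return n;
}

// std::array (assumed stand-in for an Array class): the extent is part of the type.
template <std::size_t N>
std::size_t capacity_of(const std::array<char, N>& buf) {
    return buf.size();
}

int main() {
    char small_buf[4] = {};    // constructed sample buffers
    char large_buf[64] = {};
    std::array<char, 64> typed = {};
    std::printf("decayed: %zu and %zu (pointer size %zu)\n",
                decayed_size(small_buf), decayed_size(large_buf), sizeof(char*));
    std::printf("std::array capacity: %zu\n", capacity_of(typed));
    std::printf("bounded copy wrote %zu bytes: \"%s\"\n",
                copy_bounded(small_buf, sizeof(small_buf), "too long"), small_buf);
    return 0;
}
```

A bound taken from the decayed sizeof is too small for the 64-byte buffer and, on a platform with 8-byte pointers, too large for the 4-byte one.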
References
AV Rule 97, Joint Strike Fighter Air Vehicle C++ Coding Standards. Lockheed Martin Corporation, 2005.