CodeQL documentation

No raw arrays in interfaces

ID: cpp/array-in-interface
Kind: problem
Security severity: 
Severity: recommendation
Precision: high
   - reliability
   - readability
   - language-features
   - external/jsf
Query suites:
   - cpp-security-and-quality.qls

Click to see the query in the CodeQL repository

This rule finds class members (functions or data) that are or use arrays. This is particularly important for functions with array type parameters, as these parameters are treated as pointers to the array’s first element inside the function (array decay). Assuming that it is still has the type of the array passed to the function can cause unexpected behavior (e.g. when using the sizeof operator).


Use the Array class, or explicitly declare the variable/parameter as a pointer so there is no possibility for confusion.


void f(char buf[]) { //wrong: uses an array as a parameter type
	int length = sizeof(buf); //will return sizeof(char*), not the size of the array passed


  • © GitHub, Inc.
  • Terms
  • Privacy