CXX.ARRAY_INDEX.WITHOUT

The use of n as an array index should only be done within an if statement that checks limits.

To avoid array buffer overruns, it is prudent to ensure that any array index expressions are encapsulated within an if statement checking the index expression is within limits.

Vulnerability and risk

Array access violations are a common source of security vulnerabilities in embedded systems in particular.

Vulnerable code example 1

Copy

1
array[n] = x;

This example includes no condition.

Vulnerable code example 2

Copy

1
2
if ( /* some condition but no mention of n */ )
    array[n + 1] = x;

This example includes a condition but with no mention of n.

Fixed code example

Copy

1
2
if (n < i && n > j) 
  array[n] = x;

This example includes a condition relating to n.

CXX.ARRAY_INDEX.WITHOUT_CHECK

Vulnerability and risk

Vulnerable code example 1

Vulnerable code example 2

Fixed code example