Main Content

ISO/IEC TS 17961 [sizeofptr]

Taking the size of a pointer to determine the size of the pointed-to type

expand all in page

Description

Rule Definition

Taking the size of a pointer to determine the size of the pointed-to type.1

Polyspace Implementation

This checker checks for Possible misuse of sizeof.

Examples

expand all

Issue

Possible misuse of sizeof occurs when Polyspace® Bug Finder™ detects possibly unintended results from the use of sizeof operator. For instance:

  • You use the sizeof operator on an array parameter name, expecting the array size. However, the array parameter name by itself is a pointer. The sizeof operator returns the size of that pointer.

  • You use the sizeof operator on an array element, expecting the array size. However, the operator returns the size of the array element.

  • The size argument of certain functions such as strncmp or wcsncpy is incorrect because you used the sizeof operator earlier with possibly incorrect expectations. For instance:

    • In a function call strncmp(string1, string2, num), num is obtained from an incorrect use of the sizeof operator on a pointer.

    • In a function call wcsncpy(destination, source, num), num is the not the number of wide characters but a size in bytes obtained by using the sizeof operator. For instance, you use wcsncpy(destination, source, sizeof(destination) - 1) instead of wcsncpy(destination, source, (sizeof(desintation)/sizeof(wchar_t)) - 1).

Risk

Incorrect use of the sizeof operator can cause the following issues:

  • If you expect the sizeof operator to return array size and use the return value to constrain a loop, the number of loop runs are smaller than what you expect.

  • If you use the return value of sizeof operator to allocate a buffer, the buffer size is smaller than what you require. Insufficient buffer can lead to resultant weaknesses such as buffer overflows.

  • If you use the return value of sizeof operator incorrectly in a function call, the function does not behave as you expect.

Fix

Possible fixes are:

  • Do not use the sizeof operator on an array parameter name or array element to determine array size.

    The best practice is to pass the array size as a separate function parameter and use that parameter in the function body.

  • Use the sizeof operator carefully to determine the number argument of functions such as strncmp or wcsncpy. For instance, for wide string functions such as wcsncpy, use the number of wide characters as argument instead of the number of bytes.

Example - sizeof Used Incorrectly to Determine Array Size
#define MAX_SIZE 1024

void func(int a[MAX_SIZE]) {
    int i;

    for (i = 0; i < sizeof(a)/sizeof(int); i++)    {
        a[i] = i + 1;
    }
}

In this example, sizeof(a) returns the size of the pointer a and not the array size.

Correction — Determine Array Size in Another Way

One possible correction is to use another means to determine the array size.

#define MAX_SIZE 1024

void func(int a[MAX_SIZE]) {
    int i;

    for (i = 0; i < MAX_SIZE; i++)    {
        a[i] = i + 1;
    }
}

Check Information

Decidability: Decidable

Version History

Introduced in R2019a

See Also

Topics

1 Extracts from the standard "ISO/IEC TS 17961 Technical Specification - 2013-11-15" are reproduced with the agreement of AFNOR. Only the original and complete text of the standard, as published by AFNOR Editions - accessible via the website www.boutique.afnor.org - has normative value.