Possible misuse of sizeof

Use of sizeof operator can cause unintended results

Description

This defect occurs when Polyspace^® Bug Finder™ detects possibly unintended results from the use of sizeof operator. For instance:

You use the sizeof operator on an array parameter name, expecting the array size. However, the array parameter name by itself is a pointer. The sizeof operator returns the size of that pointer.
You use the sizeof operator on an array element, expecting the array size. However, the operator returns the size of the array element.
The size argument of certain functions such as strncmp or wcsncpy is incorrect because you used the sizeof operator earlier with possibly incorrect expectations. For instance:
- In a function call strncmp(string1, string2, num), num is obtained from an incorrect use of the sizeof operator on a pointer.
- In a function call wcsncpy(destination, source, num), num is the not the number of wide characters but a size in bytes obtained by using the sizeof operator. For instance, you use wcsncpy(destination, source, sizeof(destination) - 1) instead of wcsncpy(destination, source, (sizeof(desintation)/sizeof(wchar_t)) - 1).

Incorrect use of the sizeof operator can cause the following issues:

If you expect the sizeof operator to return array size and use the return value to constrain a loop, the number of loop runs are smaller than what you expect.
If you use the return value of sizeof operator to allocate a buffer, the buffer size is smaller than what you require. Insufficient buffer can lead to resultant weaknesses such as buffer overflows.
If you use the return value of sizeof operator incorrectly in a function call, the function does not behave as you expect.

Possible fixes are:

Do not use the sizeof operator on an array parameter name or array element to determine array size.
The best practice is to pass the array size as a separate function parameter and use that parameter in the function body.
Use the sizeof operator carefully to determine the number argument of functions such as strncmp or wcsncpy. For instance, for wide string functions such as wcsncpy, use the number of wide characters as argument instead of the number of bytes.

#define MAX_SIZE 1024

void func(int a[MAX_SIZE]) {
    int i;

    for (i = 0; i < sizeof(a)/sizeof(int); i++)    {
        a[i] = i + 1;
    }
}

In this example, sizeof(a) returns the size of the pointer a and not the array size.

Correction — Determine Array Size in Another Way

One possible correction is to use another means to determine the array size.

#define MAX_SIZE 1024

void func(int a[MAX_SIZE]) {
    int i;

    for (i = 0; i < MAX_SIZE; i++)    {
        a[i] = i + 1;
    }
}

Group: Programming

Language: C | C++

Default: On for handwritten code, off for generated code

Command-Line Syntax: SIZEOF_MISUSE

Impact: High

Introduced in R2015b