CERT C: Rec. EXP03-C

Do not assume the size of a structure is the sum of the sizes of its members

Since R2025a

Description

Rule Definition

Do not assume the size of a structure is the sum of the sizes of its members.[1]

Polyspace Implementation

Polyspace® checks for the issue Incorrect computed struct size.

Examples

Issue

This issue occurs when you perform a memory operation for a structure containing two or more members and you compute the size of the structure as a sum of the sizes of the members. For example, this code allocates memory for the struct buffer object buf_cpy.

#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct buffer {
	size_t size;
	char bufferC[50];
} buff;

void foo(const struct buffer *buf) {
	// Violation: the size is computed by summing the member sizes
	struct buffer *buf_cpy = (struct buffer *) malloc(sizeof(size_t) + sizeof(buff.bufferC));
	free(buf_cpy); // release the allocation so the fragment does not leak
}

When allocating the memory, the required memory is computed by summing the sizes of the components of struct buffer. Polyspace reports a violation.

Risk

The C standard does not specify that the size of a structure is always equal to the sum of the sizes of its members. Structures can have padding bits for various purposes. The location and size of the padding depend on the environment as well as the position and types of the structure members. When performing memory operations, assuming that the size of a structure is the same as the sum of the sizes of its members can lead to allocating insufficient memory for an operation and to unexpected results.

Fix

To fix this violation, compute the size of a structure by using the structure type in a sizeof expression. Avoid computing the size of a structure by summing the sizes of its members.

Example

In this example, the function foo() allocates memory for an Account structure. During memory allocation, the size of an Account structure is computed by summing the sizes of its members. This computation does not include any padding bits that might be part of the structure. As a result, the allocated memory can be insufficient to store the object. Polyspace reports a violation.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Define a struct with 4 members
typedef struct {
	int id;           // 4 bytes
	double balance;   // 8 bytes
	char name[50];    // 50 bytes
	char status;      // 1 byte
} Account;

void foo(const Account *acptr) {
	Account *copy = (Account *) malloc(sizeof(int)  // Noncompliant
	                + sizeof(double) + 50 * sizeof(char) + sizeof(char));

	if (copy == NULL) {
		// handle error
		return; // do not pass a null pointer to memcpy
	}
	memcpy(copy, acptr, sizeof(Account));
	free(copy);
}

Correction

To correct this violation, calculate the size of the structure by using the type Account in a sizeof expression.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Define a struct with 4 members
typedef struct {
	int id;           // 4 bytes
	double balance;   // 8 bytes
	char name[50];    // 50 bytes
	char status;      // 1 byte
} Account;

void foo(const Account *acptr) {
	Account *copy = (Account *) malloc(sizeof(Account)); // Compliant

	if (copy == NULL) {
		// handle error
		return; // do not pass a null pointer to memcpy
	}
	memcpy(copy, acptr, sizeof(Account));
	free(copy);
}
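
To see how many bytes the noncompliant allocation above leaves out, the following added example (not part of the Polyspace documentation) measures the padding in Account with offsetof and sizeof. The function names are assumptions made for illustration, and the numbers printed depend on the compiler and target ABI.

```c
#include <stddef.h>
#include <stdio.h>

/* Same member list as the Account type in the example above. */
typedef struct {
    int id;
    double balance;
    char name[50];
    char status;
} Account;

/* Size requested by the noncompliant malloc() call: the members added up. */
size_t account_member_sum(void) {
    return sizeof(int) + sizeof(double) + 50 * sizeof(char) + sizeof(char);
}

/* Bytes that memcpy(copy, acptr, sizeof(Account)) writes past that block. */
size_t account_shortfall(void) {
    return sizeof(Account) - account_member_sum();
}

/* Locate the padding gap by gap: the space between the end of one member
 * and the start of the next, plus the tail. Returns the total. */
size_t account_padding_by_gap(size_t gaps[4]) {
    gaps[0] = offsetof(Account, balance) - (offsetof(Account, id) + sizeof(int));
    gaps[1] = offsetof(Account, name) - (offsetof(Account, balance) + sizeof(double));
    gaps[2] = offsetof(Account, status) - (offsetof(Account, name) + 50 * sizeof(char));
    gaps[3] = sizeof(Account) - (offsetof(Account, status) + sizeof(char));
    return gaps[0] + gaps[1] + gaps[2] + gaps[3];
}

int main(void) {
    size_t gaps[4];
    size_t total = account_padding_by_gap(gaps);

    printf("sum of members: %zu, sizeof(Account): %zu\n",
           account_member_sum(), sizeof(Account));
    printf("padding after id=%zu balance=%zu name=%zu status=%zu (total %zu)\n",
           gaps[0], gaps[1], gaps[2], gaps[3], total);
    printf("bytes written past the undersized block: %zu\n", account_shortfall());
    return 0;
}
```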

Check Information

Group: Rec. 03. Expressions (EXP)

Version History

Introduced in R2025a


[1] This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.